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‘Data Warehouse 
THE FEDERAL GOVERNMENT faces the same 


‘Trying to catch up to rivals, retailer uses IBM 
| technology to build 6OTB analytical database 
challenges as private industry in deploying 
the open XML standard, with the added 


burden of having no cohesive federal stan- 
dard for XML adoption and layer upon 

layer of bureaucracy. Even so, a number 

of federal agencies are forging ahead 

with multiple XML initiatives that promise 
to increase public access to information 
plus streamline record-keeping and cut 
costs. Public-sector companies should take 
note. STORY BEGINS ON PAGE 43. 


Vendors Try to Simplify J2EE 


But users’ needs vary | J2EE’s complexity has been an 
depending impediment to adoption 
epenaing on : among corporate developers. 
developers’ skills, Both Bowstreet Inc. and M7 
types of projects Corp. will address the com- 
: ea plexity issue when they 
launch new Java tools this 
week. And they will hardly be 
the first vendors to have 
| pounded that marketing beat 
over the past six months. 
From large vendors such as 
BEA Systems Inc. and IBM to 


BY CAROL SLIWA 

Java tools vendors are pushing 
products that aim to reduce or 
mask the complexity of the 
Java 2 Enterprise Edition de- 
velopment environment. But 
it’s not clear to what degree 
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smaller tool makers, including 
AltoWeb Inc. and Wakesoft 
Inc., 
resonate. 

“All are saying that J2EE is 
too hard ... and everyone is 
focused on what can sell,” 


Stamford, Conn.-based Gart- 
ner Inc. “What can sell is mak- 
ing J2EE development easier, 
and the added advantage is it 
does happen to [address] a 
true need.” 

But how strongly that need 
is expressed can vary widely 


J2EE, page 57 
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the message has begun to | 
| cost tens of millions of dollars 
| and provide the company with | 


said | 
| Daryl Plummer, an analyst at 


|Top 30 Holes 





BY MARC L. SONGINI 
Looking to make up for lost 
time in its use of business in- 


| telligence technology, The 

| Home Depot Inc. within 90 
| days plans to launch a 60TB 
| Web-accessible data ware- 

| house that will initially be 

| used for human resources 

| functions. 


Home Depot last week an- 
nounced that it will use IBM’s 


| DB2 database and p690 high- 


end Unix servers to run the 
data warehouse, which even- 
tually will also support the At- 
lanta-based home improve- 
ment retailer’s supply chain, 


Home Depot CIO Bob De- 
Rodes said the project will 


Fixes Named | 
Along With 


Public/private 
security initiative 
yields first action plan 
to beat hacker threat 


A collaborative initiative by 
federal agencies and a group 
of private-sector security or- 


| 
| 
BY DAN VERTON | 
ganizations last week yielded 


| BC tes 


& Home Depot said it will 


| its first purely analytical data- 

| base. He acknowledged that 
other retailers have beaten 

| inventory management and re- | 

| plenishment operations. 


Home Depot to the punch in 


| exploiting the capabilities of 
| business intelligence software. 


“We have, in fact, been be- 


| hind in data warehousing 


Home Depot, page 16 


a target list of the 20 most haz- 
ardous Internet security vul- 


| nerabilities, along with specif- 
| ic products and programs de- 


| signed to help companies 


| eradicate them. 


The list is the third com- 


| piled in as many years by The 


SANS Institute, a nonprofit 
security organization, and the 
FBI’s National Infrastructure 
Protection Center. However, 
this year marks the first time 
that security vendors have of- 
fered product upgrades spe- 
cifically targeting the vulner- 
abilities. 

Top 20, page 57 
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Does your software let you manage and protect your wireless enterprise no matter 
where it goes? 


Managing your enterprise was hard enough when you knew where it was. Now, thanks to the boom in wireless devices, mission-critical 
data and systems can walk in and out the door at will. That’s why it’s vital to have software that can keep track of your wireless enterprise 
no matter where it goes. Our infrastructure management software is considered the gold standard, making it one of the best choices for 
securing and managing your global environment. And it works across multiple platforms, so it’s compatible with what you have today 


and what you add tomorrow. Sure, your devices may still get lost. But your information won't ca.com/wireless/enterprise 


Wireless Solutions 
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WLAN Wars Ill: Attack of the Rogues 


in the Technology section: Math- 

ias Thurman struggles to get a 

grip on wireless LAN security 
re as rogue access points continue 


P 100702 





VOIP: Don’t Overlook Security 


In the Technology section: Security is 
often an overlooked aspect of VOIP 
implementations even though compa- 
nies can open up serious vulnerabilities 
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to multiply. Page 38 


Internet service outages 
affected some WorldCom 
users last week. 


IBM and Microsoft are 
upgrading their e-mail and 
collaboration products. 


New management tools 
promise to make it easier to 
identify and respond to secu- 
rity threats. 


Cisco Systems has launched 
wireless LAN access points 
that contain the same intelli- 
gence as its wired networking 
products. 


BMC Software said it’s devel- 
oping a set of tools that will 
allow users to control both 
mainframe and distributed 
databases from a single man- 
agement console. 


Computer Sciences has laid 
off about 200 of the 1,600 
workers involved in its deal 
with United Technologies. 


10 Handheld computer manufac- 


turers are bracing for an all- 
out price and feature battle. 


Pervasive computing could 
reduce business costs, but 
only if problems with technol- 
ogy, standards and vendor turf 
issues are overcome. 


The FTC will look at whether 
action taken by industry 
groups and states are thwart- 
ing Internet competitors. 


Network Appliance intro- 
duced a line of storage devices 
that can also support storage- 
area networking. 


TECHNOLOGY 


32 Field Report: Asset Manage- 
ment Extends IT Control. 
Asset management tools now 
go far beyond tracking PCs. 


34 Emerging Technologies: Tablet 
PCs Begin Slow Rollout. Ear- 
ly users like them, but tablet 
PCs will likely take a while 
to gain acceptance. 


36 QuickStudy: MPEG Stan- 
dards. These protocols pro- 
vide a way to deliver audio, 
video and multimedia over 
computer systems and net- 
works, including the Web. 


MANAGEMENT 


43 Cover Story: XML Goes to 
Washington. Federal agencies 
are lining up behind the open 
XML standard. 


45 ROI: By the Book. Steering 
clear of IT accounting deba- 
cles means knowing when 
and how to write off failed 
technology projects. 


46 How To: Who’s in the House? 
IT skills assessments are 
essential tools for managers 
attempting to make the best 
use of their IT workforce. 


50 Steal This Idea: Make Learn- 
ing Mandatory. Chuck Line- 
baugh, IT director at a large 
Chicago law firm, invites you 
to steal his idea of saving a 
bundle by making training 
and certification mandatory 
for all users. 


50 QuickScan: Here’s a snapshot 
of the state of IT help desks. 


when voice and data converge. Page 27 
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OPINION 


8 On the Mark: Mark Hall finds 


that retailers are reluctant to 
jump into Web services. 


24 Maryfran Johnson lauds a new 
security report that identifies 
the most dangerous holes in 
your network. It’s a cut above, 
she says, because for once, it 
also gives you the solutions. 


24 Pimm Fox thinks companies 
can easily grab millions of 
dollars in tax credits available 
to them with the help of exist- 
ing Web services. 


25 David Foote adds his voice 
to those who are skeptical 
about large-scale CRM appli- 
cations. But he says targeted, 
less ambitious development 
efforts are having success. 


40 Robert L. Scheier says Siebel 
Systems customers’ complaints 
about ROI should put the IT 
industry on notice. 


John Berry writes that juicing 
the numbers isn’t an option 
for IT managers using an eco- 
nomic value-added approach 
to IT financial management. 


Frankly Speaking: Frank 
Hayes worries about IT’s 
indifference to best practices, 
especially when they can save 
tens of millions of dollars for 
big IT shops. 
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Uh-oh: Exposed! 


FEATURE EXCLUSIVE: Privacy 
columnist Jay Cline gives CIOs a 
step-by-step plan for responding 
to a privacy PR disaster — as well 
as hints on preventing one. 

@ Quicklink 33356 
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Spy vs. Hacker 

NEWS HEADLINE: Guess who’s “war-driving” 
now? The U.S. Secret Service, which is scour- 
ing Washington and other cities in an effort 
to sniff out unsecured wireless LANs. 


@ QuickLink 22590 


Technical How-to’s 

KNOWLEDGE CENTER: Find links to tutorials 
in some of today’s hottest technology areas, 
including .Net dynamic scripts and Web ser- 
vices with Perl and AppleScript. 

@ QuickLink a2500 


Earnings Updates 

BREAKING NEWS: For the latest news about 
vendor earnings announcements, visit our 
IT Industry Earnings special coverage page. 
@ QuickLink at150 


Storage updates 

KNOWLEDGE CENTER: You'll get summaries 
of the latest storage news, opinions and tech- 
nical explainers from across the Internet 
with our Around the Web storage feature. 

@ QuickLink 22540 
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Breaking News 
© QuickLink a1510 


Newsletter Subscriptions 
© QuickLink a1430 
Knowledge Centers 

© QuickLink 22570 


The Online Store 
© QuickLink a2420 


What’s a QuickLink? 
On some pages ir 
this issue, you'll see 

a QuickLink code pointing 

to additional, related con- 

tent on our Web site. Just 
enter that code into our 

QuickLink box, which 

you'll see at the top of 

each page on our site. 
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Sun Adds Support 
For Solaris on Intel 


Sun Microsystems Inc. on Friday 
said it’s broadening support for 
Solaris 9 on 32-bit Intel Corp. 
systems. Starting next year, the 
company will sell several Sun- 
branded Intel servers running So- 
laris 9 and will support Solaris on 
non-Sun-branded Intel boxes as 
well. For $20, users will be able 
to download an early-access ver- 
sion of Solaris 9 for Intel before 
the end of the year. A production 
version will be available in Janu- 
ary and will sell for $99 per CPU. 


Oracle to Explain 
Service Levels 


Oracle Corp. by the end of the 
year will release a document that 
more clearly explains what level 
of service customers of its hosted 
software and remote software 
management services can expect. 
“We will be much more specific 
with people about what our ser- 
vice-level standards are,” an Ora- 
cle official said. 


Satellites at Risk, 
GAO Report Warns 


The General Accounting Office re- 
leased a report Thursday warning 
that the nation’s commercial 
satellites have been largely ig- 
nored in discussions of critica!- 
infrastructure protection and are 
vulnerable to attack by hackers. 
The report, which is posted on the 
GAO's Web site (www.gao.gov), 
suggests that federal agencies us- 
ing these satellites may be expos- 
ing sensitive data to unauthorized 
snooping. 


Short Takes 


Pleasanton, Calif.-based DOCU- 
MENTUM INC. is expanding its 
presence in the collaboration soft- 
ware marketplace by acquiring 
EROOM TECHNOLOGY INC. ina 
$125 million deal. . . San Jose- 
based EBAY INC. has completed 
its acquisition of online payment 
company PAYPAL INC. Peter Thiel, 
PayPal’s CEO, resigned. 


UUnet problems 
said to affect 20% 
of country’s users 


BY MATT HAMBLEN 
ORLDCOM INC. 
said problems 
loading routing 
data onto 

routers in its IP network led to 

Internet service outages af- 

fecting users for up to nine 

hours last Thursday. 

A WorldCom spokeswoman 
apologized to customers and 
said about 20% of the compa- 
ny’s IP user base in the U.S. 
was affected. However, some 
analysts said Internet moni- 
| toring technology showed 
even more widespread prob- 
lems in the U.S. and abroad. 

The breadth of the outage 
was substantial because 
WorldCom and its UUnet 
backbone network serve nu- 


Notes/Domino 6 
ships; Exchange to 
upgrade next year 


BY TODD R. WEISS 
IBM and Microsoft Corp. are 
hitting each other with duel- 
ing upgrades of their e-mail 
and collaboration software, 
| with both vendors touting 
| new features aimed at making 
| the products easier to use. 
IBM’s Lotus Software Group 
last week released an upgrade 
of its Notes and Domino soft- 
ware that includes improved 
performance and new features 
| such as antispam technology, 
Java 2 Enterprise Edition sup- 
port and tighter ties to DB2, 
WebSphere and other IBM 
software products. 
Microsoft will follow this 











NEWS 


merous Internet service 
providers, many with large 
customer bases of their own. 
WorldCom wouldn't divulge 
how many IP customers it has 
altogether, but spokeswoman 
Jennifer Baker said the num- 
ber is in the thousands. 

Service disruptions, includ- 
ing delays and outages, started 
at about 8 a.m. EDT on Thurs- 
day and ended shortly after 5 
p.m., Baker said. She declined 
to name the maker of the af- 
fected routers and defended 
WoridCom’s technical staff. 
“We believe we have very tal- 
ented engineers and techni- 
cians that are monitoring our 
network and will continue to 
do that,” Baker said. 

However, Tom Ohlsson, 
vice president of marketing at 


| Matrix NetSystems Inc. in 


Austin, Texas, which monitors 
Internet services, said its glob- 
al monitoring software indi- 


IBM, Microsoft Push Rival 
Messaging Software Plans 


week by previewing the next 
version of its Exchange e-mail 
server at the Microsoft Ex- 
change Conference 2002 in 
Anaheim, Calif. Code-named 
Exchange Titanium and due 
by mid-2003, the updated 
product will provide lower to- 
tal cost of ownership and offer 
increased potential for cost- 
saving server consolidation, 
Microsoft officials said. 

Notes and Domino 6, which 
IBM first detailed last January 
[QuickLink 26920], were re- 
leased along with upgrades of 
Lotus’ Sametime instant mes- 
saging software and Quick- 
Place tools for Web-based col- 
laboration. Lotus also rolled 


| out new Web conferencing 


and e-learning software. 
Phil Usher, executive vice 
president at Countrywide 





cated an “unprecedented” out- 
age throughout the U.S., near- 
ly all of Mexico and parts of 

Canada, Europe and the Pacif- 


| ic Rim. “The network basically 


came crashing down,” he said. 


Other Providers Hit 
Ohlsson said the 20% of cus- 
tomers with outages that 
WorldCom acknowledged in- 
volved Web sites that the com- 
pany hosts itself. But, he 
added, Matrix’s monitoring 
showed that the router prob- 
lems also affected Internet 
services offered by Sprint 
Corp. and AT&T Corp., which 
both use the UUnet backbone. 

Some WorldCom customers 
had been nervous about out- 
ages even before last week’s 
disruption, due to the compa- 
ny’s financial difficulties and 
its Chapter ll bankruptcy pro- 
tection filing in July. 

Greg Marney, CEO of 


Credit Industries Inc. in Cal- 
abasas, Calif., said the insur- 
ance and financial services 
company has been using a 
beta-test version of Notes and 
Domino 6. Countrywide found 
“much-improved” network 
bandwidth performance for 
e-mail and other collaboration 
applications, he said. 

“The important thing for us 
was that we could move to the 
new versions and gain the fea- 


One-on-One 


New features from IBM and 
Microsoft include the following: 


NOTES/DOMINO: 

= Automated client upgrade tools 
® Improved e-mail archiving 

= Antispam controls 


EXCHANGE TITANIUM: 

= Bundled administrative tools 

® Support for up to eight-node 
redundancy 


@ Native support for mobile 
devices 
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WorldCom Blames Outage 
On Router Maintenance Work 


Packet loss on selected 
Internet circuits just prior to 8 
a.m. EDT, Thursday: 


Packet loss on the same cir- 
cuits 15 minutes later: 


aUSTie Eahe NETSYSTEMS INC 
Northwest Open Access Net- 
work, a Wenatchee, Wash.- 
based telecommunications 
wholesale company that pro- 
vides transport services in 
rural parts of the state, said his 
staff has started checking in 
weekly with WorldCom. “The 
real intent is to make sure that 
they are operating like we 
hope they will,” Marney said. D 


Patrick Thibodeau contributed 
to this story. 


tures without having to go to 
new hardware,” Usher added. 

Marlo Foltz, manager of 
e-school design at Credit 
Union National Association 
Inc. & Affiliates, said Lotus’ 
Virtual Classroom e-learning 
software has provided big im- 
provements over earlier prod- 
ucts for beta-test users at the 
Madison, Wis.-based trade as- 
sociation for credit unions. 

For example, an older 
e-learning tool that was part of 
Sametime required users to 
make software adjustments in 
order to ease collaboration in 
a virtual classroom, Foltz said. 
But the new application is 
much more intuitive and does- 
n’t need as much customiza- 
tion, she added. 

Lotus said the Domino 6 
e-mail server software is 
priced at $894 per hardware 
server, while the Domino 6 ap- 
plication server starts at 
$2,308 per system. Notes 6 
client licenses start at $70 per 
user. D 





www.computerworld.com 
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Users Get Improved Security 
Management Tool Offerings 


IBM, Symantec, 
ArcSight bring in 
data consolidation 
BY JAIKUMAR VIJAYAN 

A flurry of management soft- 
ware announcements promis- 
es to enable corporations to 
more efficiently deal with se- 
curity threats by aggregating 
and intelligently sifting 
through real-time data from 
enterprise security systems. 

The products, from IBM, 
Symantec Corp. and ArcSight 
Inc., work by tapping and cor- 
relating data from enterprise 
firewalls, intrusion detectors 
and antivirus software and 
presenting it in a central man- 
agement console. 

This aggregation and analy- 
sis is crucial in identifying real 
threats for corporations that 
are drowning in a flood of se- 
curity data from enterprise se- 
curity monitors. 

“The data consolidation al- 
lows you to be more efficient 
from a manpower perspective, 
while the correlation allows 
you to be more efficient in re- 
ducing the false positives,” 
said Steve Jeffers, manager of 
enterprise security services at 
Avnet Inc., a Phoenix-based 
distributor of electronic com- 
ponents and a beta tester of 
Symantec’s new software. 

“It’s very important to get a 
holistic view of the events tak- 
ing place across each security 
product layer” to pinpoint the 
real threats, said Bob Justus, 
vice president of information 
security at the Union Bank of 
California NA in San Francis- 
co, an ArcSight customer. 


Early Warnings 

The bank’s security systems 
generate about 100,000 events 
daily, which ArcSight’s soft- 
ware checks for clues indicat- 
ing possible attacks. 

Each of the new products is 
aimed at providing similar 
early warnings. 

For instance, Cupertino, 








Calif.-based Symantec’s new 


| Security Management System, 


launched last week, features 
an event manager, an incident 
manager and a policy compli- 
ance tool. The event manager 
allows users to collect and 
correlate security data from 
Symantec and third-party fire- 
wall and antivirus products. 

The incident manager offers 
real-time incident manage- 
ment capabilities by using a 
risk analysis engine to priori- 
tize incident responses based 
on the business importance of 
the assets being attacked. 

The third component is an 
enterprise security manager 


| that among other things lets 


companies build and enforce 
customized security policies. 

Such capabilities “simplify 
the management of heteroge- 


| neous products and focus se- 


| 
| 





curity efforts on the accurate 
and timely identification of 
threats,” said Craig Rode, a 
Symantec product manager. 


| Responding to Threats 


Meanwhile, the latest version 
of Sunnyvale, Calif.-based Arc- 
Sight’s security management 
software, Arcsight 2.0, was de- 
signed to help companies 


| weed out false alerts and pri- 


oritze the manner in which 
they protect their assets. It 
will be launched this week. 
ArcSight prescribes remedial 
action based on the potential 


| damage an event can cause, its 
| likely targets and their degree 


of exposure to a threat. Multi- 
ple ArcSight managers can be 


| deployed across a network, 


and all the information can be 


Cisco Builds Intelligence 
Into Wireless LAN APs 


Strategy differs 
from that of rival 
BY BOB BREWIN 
Cisco Systems Inc. has intro- 
duced a wireless LAN access 
point that’s the first wireless 
product to incorporate the In- 
ternetwork Operating System 
(IOS) used in the company’s 
routers, switches and other 
wired network equipment. 
Analysts said introduction 


| of the product, priced at $599, 


sets the stage for a battle be- 
tween Cisco and Holtsville, 
N.Y.-based Symbol Technolo- 
gies Inc., which last month in- 
troduced a decentralized, 
switch-managed wireless LAN 
architecture. 

Craig Mathias, an analyst at 
Farpoint Group in Ashland, 
Mass., said the competition 
among Symbol, Cisco and oth- 
er wireless LAN suppliers 


| “could get nasty, because this 


is the only bright spot in the 
networking market.” 

Ron Seide, product line 
manager at Cisco, said inte- 
grating IOS into the new 1100 
Series AP follows the compa- 
ny’s philosophy of “pushing 
intelligence to the edge of the 
network.” 

The IOS will enable support 
for wired network features 
such as quality-of-service con- 
trols that allow voice over IP 


Dueling 
Architectures 
CISCO SYSTEMS 

Builds intelligence into its $599 
access points by means of the 
{OS software Cisco uses in its 
wired network products. 
SYMBOL TECHNOLOGIES 
Builds intelligence into con- 
troller/switch: its $279 access 
ports have no intelligence. 


Security 
Management 
Systems: 

= GATHER security event data 
from multiple firewalls, intrusion 


detectors and antivirus tech- 
nologies 


= CONSOLIDATE, correlate and 
analyze the data. 


= PRESENT the information in a 
single centralized console 


= RECOMMEND and prioritize 
responses to potential attacks. 


captured in one location. 
ArcSight’s technology “al- 
lows me to take the events 
from a router, network-based 
| intrusion-detection systems, 
firewalls and application 
| transaction logs to see what 
people are trying to do to the 
| bank’s systems,” Justus said. 
IBM this week will an- 
nounce a new version of its 
| Tivoli Risk Manager, featuring 


| traffic to take precedence over 
| data traffic. 
The 1100 Series will initially 

operate under the 802.1ib, or 

| Wi-Fi, standard, which pro- 
vides 11M bit/sec. throughput 
in the 2.4~GHz unlicensed fre- 
quency band. Seide said the 

| product is upgradable to 
802.llg, which offers 54M 
bit/sec. throughput in the 
same band. 

| — Cisco has taken a “funda- 
mentally different” approach 

| to its new wireless LAN prod- 

| ucts from the one Symbol has 

| taken, Seide said. The new ar- 

| chitecture Symbol introduced 

| last month, called Mobius, is 

| designed around inexpensive 

access ports that have all of 

their intelligence housed in a 

central switch. The product 

sells for $279. Symbol’s access 

ports house only transmitter, 

receivers and not the software 

| and firmware used in access 

points. 

Seide said the Symbol ap- 
proach requires users to buy 
and install the expensive con- 
troller box as well as the ac- 
| cess ports before they can 
reap the benefits of wireless 
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a “heartbeat” function that 
proactively notifies adminis- 
trators of potential failures in 
the security infrastructure. 
The software will come 
integrated with IBM Tivoli 
NetView and Tivoli Data 
Warehouse to provide more 
network-centric views of secu- 
rity incidents and better foren- 
sics and historical reporting 
capabilities, said Arvind Krish- 
na, a director in IBM’s Tivoli 
group. “You can now look at 
all your security events, net- 
work events, application 
events and server events in 


| one place,” Krishna said. 


Software such as this ad- 
dresses an area of growing 
concern for users, said Pete 
Lindstrom, an analyst at Spire 
Group, a Malvern, Pa.-based 
consultancy. “Companies are 


| overwhelmed by security in- 


formation and are looking for 
some sort of a prioritization 
layer,” he said. “Security event 
managers provide the central 
console for the threat manage- 
ment picture.” D 


LANs. The 1100 Series re- 
quires only a network connec- 
tion to work out of the box, of- 
fering more flexibility at a 
lower cost, he claimed. 

Ray Martino, a Symbol vice 
president, agreed that intelli- 
gence belongs at the edge of 
the network, but added, “I be- 
lieve the edge is the wiring 
closet.” Using Cisco’s logic in 
the wired world “would mean 
installing Ethernet controllers 
on floorboards,” he said. 

Mathias said the Symbol ap- 
proach offers users more flexi- 
bility and could lead to a low- 
er total cost of ownership. He 
predicted that other wireless 
LAN vendors will soon begin 
to imitate the Symbol Mobius 
architecture. 

Jay Dominick, assistant vice 
president for information sys- 
tems at Wake Forest Universi- 
ty in Winston-Salem, N.C., 
said the speed of wireless 
LAN product development 


| and differing standards make 


it difficult to choose any par- 
ticular architecture. “If you 
bet on something right now, 
you could be wrong in a year,” 
he said. D 
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Sun Adds Support 
For Solaris on Intel 


Sun Microsystems Inc. on Friday 
said it’s broadening support for 
Solaris 9 on 32-bit Intel Corp. 
systems. Starting next year, the 
company will sell several Sun- 
branded Intel servers running So- 
laris 9 and will support Solaris on 
non-Sun-branded intel boxes as 
well. For $20, users will be able 
to download an early-access ver- 
sion of Solaris 9 for Intel before 
the end of the year. A production 
version will be available in Janu- 
ary and will sell for $99 per CPU. 


Oracle to Explain 
Service Levels 


Oracle Corp. by the end of the 
year will release a document that 
more clearly explains what level 
of service customers of its hosted 
software and remote software 
management services can expect. 
“We will be much more specific 
with people about what our ser- 
vice-level standards are,” an Ora- 
cle official said. 


Satellites at Risk, 
GAO Report Warns 


The General Accounting Office re- 
leased a report Thursday warning 
that the nation’s commercial 
satellites have been largely ig- 
nored in discussions of critical- 
infrastructure protection and are 
vulnerable to attack by hackers. 
The report, which is posted on the 
GAO's Web site (www.gao.gov), 
suggests that federal agencies us- 
ing these satellites may be expos- 
ing sensitive data to unauthorized 
snooping. 


Short Takes 


Pleasanton, Calif.-based 
MENTUM is expanding its 
presence in the collaboration soft- 
ware marketplace by acquiring 
EROOM + HN l 3¥ INC ina 
125 million deal. . ..San Jose- 
based EBAY INC. has completed 
its acquisition of online payment 
company PAYPAL INC. Peter Thiel, 
PayPal’s CEO, resigned. 
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orldCom Blames Outage 
On Router Maintenance Work 


UUnet problems 
said to affect 20% 
of country’s users 


BY MATT HAMBLEN 
ORLDCOM IN¢ 
said problems 
loading routing 
data onto 
routers in its IP network led to 
Internet service outages af 
fecting users for up to nine 
hours last Thursday. 

A WorldCom spokeswoman 
apologized to customers and 
said about 20% of the compa 
ny’s IP user base in the U.S. 
was affected. However, some 
analysts said Internet moni- 
toring technology showed 
even more widespread prob 
lems in the U.S. and abroad. 

Che breadth of the outage 
was substantial because 
WorldCom and its UUnet 
backbone network serve nu 


merous Internet service 
providers, many with large 
customer bases of their own 
WorldCom wouldn't divulge 
how many IP customers it has 
altogether, but spokeswoman 
Jennifer Baker said the num 
ber is in the thousands. 

Service disruptions, includ- 
ing delays and outages, started 
at about 8 a.m. EDT on Thurs- 
day and ended shortly after 5 
p.m., Baker said. She declined 
to name the maker of the af- 
fected routers and defended 
WorldCom’s technical staff. 
“We believe we have very tal- 
ented engineers and techni 
cians that are monitoring our 
network and will continue to 
do that,” Baker said. 

However, Tom Ohlsson, 
vice president of marketing at 
Matrix NetSystems Inc. in 
Austin, Texas, which monitors 
Internet services, said its glob 


al monitoring software indi 


IBM, Microsoft Push Rival 
Messaging Software Plans 


Notes/Domino 6 
ships; Exchange to 
upgrade next year 


BY TODD R. WEISS 
IBM and Microsoft Corp. are 
hitting each other with duel 
ing upgrades of their e-mail 
and collaboration software, 
with both vendors touting 
new features aimed at making 
the products easier to use 

IBM’s Lotus Software Grou 
last week released an upgrade 
of its Notes and Domino soft 
ware that includes improved 
performance and new features 
such as antispam technology 
Java 2 Enterprise Edition sup 
port and tighter ties to DB2, 
WebSphere and other IBM 
software products. 

Microsoft will follow this 


week by previewing the next 
version of its Exchange e-mail 
server at the Microsoft Ex 
change Conference 2002 in 
Anaheim, Calif. Code-named 
Exchange Titanium and due 
by mid-2003, the updated 
product will provide lower to 
tal cost of ownership and offer 
increased potential for cost 
saving server consolidation, 
Microsoft officials said 

Notes and Domino 6, which 
IBM first detailed last January 


l 607 


{QuickLink 26920], were re 


leased along with upgrades of 
Lotus’ Samctime instant mes 
saging software and Quick 
Place tools for Web-based col 
laboration. Lotus also rolled 
out new Web conferencing 
and e-learning software 

Phil Usher, executive vice 
president at Countrywide 


cated an “unprecedented” out | 
age throughout the U.S., near- | 
ly all of Mexico and parts of 

Canada, Europe and the Pacif- 
ic Rim. “The network basically 
came crashing down,” he said. 


Other Providers Hit 


Ohlsson said the 20% of cus- 
tomers with outages that 
WorldCom acknowledged in- 
volved Web sites that the com- 
pany hosts itself. But, he 
added, Matrix’s monitoring 


| 
| 
| 
| 
| 


showed that the router prob 
lems also affected Internet 
services offered by Sprint 
Corp. and AT&T Corp., which 
both use the UUnet backbone. 

Some WorldCom customers 
had been nervous about out 
ages even before last week’s 
disruption, due to the compa 
ny’s financial difficulties and 
its Chapter ll bankruptcy pro 
tection filing in July. 

Greg Marney, CEO of 


Credit Industries Inc. in Cal 
abasas, Calif., said the insur 
ance and financial services 
company has been using a 
beta-test version of Notes and 
Domino 6. Countrywide found 
“much-improved” network 
bandwidth performance for 
e-mail and other collaboration 
applications, he said. 

“The important thing for us 
was that we could move to the 
new versions and gain the fea- 


OTs) 


New features from IBM and 
Microsoft include the following: 
NOTES/DOMINO 

= Automated client upgrade tools 
= Improved e-mail archiving 

# Antispam controls 


Peer ee eeeeeseeseseeeseeeeeee 


EXCHANGE TITANIUM: 
= Bundled administrative tools 


= Support for up to eight-node 
redundancy 


= Native support for mobile 
devices 


Outage 
Indicators 


eee M MEL te lt) 
CMM iene lal g lm Os) 
a.m. EDT, Thursday: . 


Packet loss on the same cir- 
cuits 15 minutes later: 21°%o 


Northwest Open Access Net- 
work, a Wenatchee, Wash.- 
based telecommunications 
wholesale company that pro- 
vides transport services in 
rural parts of the state, said his 
staff has started checking in 
weekly with WorldCom. “The 
real intent is to make sure that 
they are operating like we 
hope they will,” Marney said. D 


Patrick Thibodeau contributed 
to this story. 


tures without having to go to 
new hardware,” Usher added 

Marlo Foltz, manager of 
e-school design at Credit 
Union National Association 
Inc. & Affiliates, said Lotus’ 
Virtual Classroom e-learning 
software has provided big im 
provements over earlier prod 
ucts for beta-test users at the 
Madison, Wis.-based trade as 
sociation for credit unions 

For example, an older 
e-learning tool that was part of 
Sametime required users to 
make software adjustments in 
order to ease collaboration in 
a virtual classroom, Foltz said 
But the new application is 
much more intuitive and does 
n't need as much customiza 
tion, she added. 

Lotus said the Domino 6 
e-mail server software is 
priced at $894 per hardware 
server, While the Domino 6 ap 
plication server starts at 
$2,308 per system. Notes 6 
client licenses start at $70 per 
user. D 





Users Get Improve 
Management Tool 


IBM, Symantec, 
ArcSight bring in 
data consolidation 


BY JAIKUMAR VIJAYAN 

A flurry of management soft 
ware announcements promis 
es to enable corporations to 
more efficiently deal with se 
curity threats by aggregating 
and intelligently sifting 
through real-time data from 
enterprise security systems. 

Che products, from IBM, 
Symantec Corp. and ArcSight 
Inc., work by tapping and cor 
relating data from enterprise 
firewalls, intrusion detectors 
ind antivirus software and 
presenting it in a central man 
agement console 

rhis aggregation and analy 
sis is crucial in identifying real 
threats for corporations that 
are drowning in a flood of se 
curity data from enterprise se 
curity monitors. 

“The data consolidation al 
lows you to be more efficient 
from a manpower perspective, 
while the correlation allows 
you to be more efficient in re 
ducing the false positives,’ 
said Steve Jeffers, manager of 
enterprise security services at 
Avnet Inc., a Phoenix-based 
distributor of electronic com 
ponents and a beta tester of 
Symantec’s new software 

‘It’s very important to get a 
holistic view of the events tak 
ing place across each security 
product layer” to pinpoint the 
real threats, said Bob Justus, 
vice president of information 
security at the Union Bank of 
California NA in San Francis 
co, an ArcSight customer. 


Early Warnings 

Che bank’s security systems 
generate about 100,000 events 
daily, which ArcSight’s soft 
ware checks for clues indicat 
ing possible attacks. 

Each of the new products is 
aimed at providing similar 
early warnings. 

For instance, Cupertino, 


Calif.-based Symantec’s new 
Security Management System 
launched last week, features 
in event manager, an incident 
manager and a policy compli 
ance tool. The event manager 
allows users to collect and 
correlate security data from 
Symantec and third-party fire 
wall and antivirus products 

Che incident manager offers 
real-time incident manage 
ment capabilities by using a 
risk analysis engine to priori 
tize incident responses based 
on the business importance of 
the assets being attacked 

Che third component is an 
entert rise security manager 
that among other things lets 
companies build and enforce 
customized security policies 

Such capabilities “simplify 


the management of heteroge 


Security 
ffering 


neous proc 


S and focus se 
curity efforts on the accurate 
tification of 


ind tim 


Responding to Threats 
Mea! the latest version 
of Sunnyval ised Arc 
Sight’s secu 
sottware, 

ied to help comp 
weed out false alerts ar | 
oritze the manner in which 
they protect their assets. It 
will be launched this week 

ArcSight prescribes remedial 


1 


action based on the potential 


t can cause, Its 
legre¢ 
Multi 


managers can be 


network, 


Cisco Builds Intelligence 
Into Wireless LAN APs 


Strategy differs 
from that of rival 


BY BOB BREWIN 
o Systems Inc. has intro 

duced a wireless LAN acces 
point that’s the first wireless 
product to incorporate the In 
ternetwork Operating System 
(IOS) used in the company’s 
routers, switches and other 
wired network equipment 

Analysts said introduction 
of the product, priced at $599, 
sets the stage for a battle be 
tween Cisco and Holtsville, 
N.Y.-based Symbol Technolo 
gies Inc., which last month in 
troduced a decentralized, 
switch-managed wireless LAN 
architecture 

Craig Mathias, ar 
Farpoint Group in Ashland, 


1 analyst at 


Mass., said the competition 
among Symbol, Cisco and oth- 
er wireless LAN suppliers 
“could get nasty, because this 


1100 
compa 
pa 


ushing 


support 
rK features 
such juality-of-service con 


trols that voice over IP 


Dueling 
Architectures 


CISCO SYSTEMS 

Builds intelligence into its $599 
access points by means of the 
10S software Cisco uses in its 
wired network products. 


Seer reese sseeseseseeseeee 


SYMBOL TECHNOLOGIES 
Builds intelligence into con- 
troller/switch; its $279 access 
ports have no intelligence 


Security 
Management 
Systems: 
GATHER security 
CONSOLIDATE 
PRESENT the inf 


RECOMMEND and pr 


‘aptured in one location 
ArcSight’s technology “al 
lows me to take the events 
from a router, network-based 
intrusion-detection syste 
firewalls and application 
transaction logs to see wh 
people are trying to do to the 


Justus said 


bank’s syster 
IBM this week will an 


nounce a new version OF its 


Vivoli Risk Manager, featuring 


traffic to take prece 
data traffic 
The 1100 Series v 


operate under the 802 


h offers 54M 


throughput in th 
througnput in the 


» band 


taken, Seide said 
chitecture Symbol in 
last month, called Mot 


lesigned around inexpensive 


iccess ports that have all 
their intelligence housed 
central switch. The product 
sells for $279. Syrnbol’s 
ports house only 
receivers and not the softwar« 
and firmware used in access 
points 

Seide said the Symbol ap 
proach requires users to buy 
and install the expensive con 
troller box as well as the ac 
cess ports before they can 


reap the benefits of wireless 
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} 


sident for inf 
it Wake For 
Winston-Sal 

the speed of wirel 


LAN product devek 


ind differing standard 


pment 


it difficult to « 


hoose any par 


ticular architecture. “If you 


bet on something right now, 
you could be wrong in a year,” 


he said. D 
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BRIEFS 


EMC Cuts Outlook, 
Plans More Layoffs 


EMC Corp. said it plans more 
layoffs and warned that it now 
expects to remain in the red 
through year’s end. The Hopkin- 
ton, Mass.-based storage vendor 
said it will eliminate about 1,300 
jobs, cutting its workforce by 7%. 
Corporate IT spending “continues 
to be brutal” and became even 
weaker than it had been late in 
the third quarter, said Joseph 
Tucci, EMC’s CEO. 


Sabre Mainframe | 


Migration Milestone 


Sabre Holdings Corp. said it has 
finished an initial migration of its 
airfare pricing application from 
IBM mainframes to Hewlett- 
Packard Co.’s HP NonStop 
servers. Southlake, Texas-based 
Sabre said it had no downtime 

in its first 60 days on the HP 
systems. Sabre last year began 
a $100 million project aimed at 
moving its airline reservation sys- 
tem off mainframes by 2004. 


Microsoft Warns of 


Database, OS Holes 


Microsoft Corp. issued four new 
security warnings, including two 
rated “critical” that involved its 
SQL Server database and the 
Help functions included in all 
current versions of Windows. An 
unchecked buffer in the Windows 
Help code could jet attackers take 
control of unprotected systems, 
Microsoft said. A similar flaw 
affects SQL Server 7.0 and SQL 
Server 2000, the company said. 


Short Takes 


IBM completed its $3.5 billion ac- 
quisition of New York-based PWC 
CONSULTING, which is being fold- 
ed into a new IBM Business Con- 
sulting Services unit... . KPMG 
CONSULTING INC. in McLean, Va., 
changed its name to BearingPoint 
Inc. . .. HURWITZ GROUP INC., an 
IT consulting firm in Framingham, 
Mass., closed its operations. 


MARK HALL ® 


_ Major Retailers Wary 


_NEWS 


ON THE MARK 


of 


Leap to Web Services... 


... until those services prove themselves over a long period of time. 
“If the early bird gets the worm, the second mouse gets the cheese,” 
drawled Jimmy Hale, vice president of Web technology at Neiman 
Marcus in Dallas. He said this is one area where he won't be an early 
adopter. Dave Towers, vice president of e-commerce operations for 
New York-based J. Crew, nodded in agreement, adding, “We’ve looked 
at Web services. There’s nothing out there for us.” Following the ex- 


change very closely was Fumi Matsumo- 
to, vice president of technology at Art 
Technology Group (ATG). He was co-host- 
ing with Nike, Neiman Marcus, J. Crew 
and other retailers to talk about technol- 
ogy futures for online CRM at Nike’s 
headquarters in Beaverton, Ore. Needless 
to say, ATG didn’t chat up any major Web 
services development it had under way, 
but it did unveil plans for additions to its 
ATG7 product. Those additions will in 
clude tools for wireless devices, kiosks, 
call centers and point-of-sale devices, as 
well as a campaign management compo- 
nent. The upgrade will probably hit the 
streets in the second half of next year. 
Meanwhile, the SAP and Siebel integra- 
tion modules for ATG6 will ship this 
quarter. ® Web services skeptics might want 
to chat with George Nemer at Dallas- 
based technology marketer Brierley & 
Partners. He has been using C# and .Net 
tools to build shared services for 
MySony.com and other sites. What’s 


BMC Plans Integrated Database Tools 





A AY SG Teenie) t are 
DecisionSite Posters for capturing and 
sharing, ina common library, business- 
Cram eee Mes EIR atte Le 


other knowledge for an enterprise. 


i et Aone} 
Collaboration and Expertise Networks with 
visual tools to manage clusters of both 
structured and unstructured data. 


more, he has consistently been able to 
handle 1,200 concurrent users on each of 


| his Compaq ProLiant 360 DL servers. 


The modest folks in Redmond, Wash., claim 


| amere 500 is possible. ® The software in- 


dustry’s rumor mill is churning after 
Cambridge, Mass.-based start-up Systinet 
Corp. lassoed Mercator Inc. in an OEM 
deal for its Web services platform. Word 
is Interwoven Inc. will be next in a series 
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of similar deals for Systinet. Sources say 
the biggest proponents of Web services 
standards, IBM and Microsoft, aren’t in the 
OEM game because independent software 
vendors fear they may stray from those 
very standards. = Earth to marketing. After 
celebrating its Sth birthday, Path Com- 
munications Inc. in balmy Marina Del 
Rey, Calif., plans to announce its exis- 
tence in two weeks. It will also unveil 
Path Application Manager Verion 3.0, 
which finds and fixes software problems 
for distributed applications. The Nation- 
al Institute of Standards and Technology 
estimates software errors cost the econo- 
my $60 billion a year. So it’s about time 
the marketers at Path discovered their 
phones, e-mail and other tools of the 
trade to clue in potential users. And in 
light of Brierley’s success in building 
snazzy and speedy Web services, Path 
better hustle on its 3.1 release, due in the 
first quarter of next year, which will in- 
clude .Net support. # App Testing for Dum- 
mies. RadView Software Inc. next week 
will show off its application-function 
testing tool, Web FT 2.0, with a new user 
interface that can be used by even new- 
bies in the software quality assurance de- 
partment, which is often a starting point 
in a developer’s career. The new drag- 
and-drop features and wizards will help 
the befuddled code tester find and fix prob- 
lems. And for application-performance 
testing, RadView’s WebLoad 6.0 will hit 
the streets in mid-November with auto- 
mated testing for client-side JavaScript, 
Crystal Reports, more .Net statistics and 
out-of-the-box metrics for Apache, iPlan- 
et, WebLogic, WebSphere and other serv- 
er platforms. D 


said Rich Ptak, an analyst at 
Ptak & Associates Inc. in 
Amherst, N.H. “It’s a winner, 





| Products to support mainframes and 


distributed systems from single console 





BY MATT HAMBLEN 
BOSTON 

BMC Software Inc. last week 
outlined a blueprint for deliv- 
ering within 18 months an in- 
tegrated set of database man- 
agement tools designed to let 
IT managers monitor main- 
frame and distributed databas- 
es from a single console. 

As part of the plan, called 
Project Golden Gate, Hous- 
ton-based BMC also an- 
nounced the release of five 


| new or upgraded tools. Those 


products range from a batch 
processing tool for mainframe 





databases to backup and re- 
covery software for Oracle 
Corp. databases and for SAP 
AG and Siebel Systems Inc. 
applications. 

BMC’s long-term plan “is in- 
teresting from the standpoint 
of having a product that’s able 
to link many areas, both open 
systems and mainframes,” said 
Frank Schmitt, team leader for 
storage management at One- 
Beacon Insurance Group in 
Boston. That would let IT 
workers with mainframe skills 
manage both kinds of databas- 
es, Schmitt added. 





Dan Sullivan, vice president 
of information systems at Mel- 
lon Financial Corp. in Pitts- 
burgh, said he also likes the 
concept because he oversees 
administrators of both main- 
frame and distributed databas- 


| es and wants to have a single 


view into both worlds. 
Sullivan has worked for six 
years with BMC’s Mainview 
software, a mainframe systems 
monitoring tool that Mellon 
uses to detect slowdowns in 
massive data processing jobs, 
to plan future capacity needs. 
“The big utility that every- 
body wants is the ability to 
have automated intelligence 
and single console manage- 
ment for all the databases,” 





and BMC is the only company 
that has tools that run across 
all the different databases and 
platforms.” 

The closest potential com- 
petitor for a similar initiative 
would be Computer Associ- 
ates International Inc. in Is- 
landia, N-Y., Ptak added. 

At a customer event here, 
BMC officials described Gold- 
en Gate as specifically focused 
on data management products 
that are aimed at bringing to- 
gether mainframe and distrib- 
uted databases. But a BMC 
spokeswoman said afterward 
that the single console concept 
will be expanded to include the 
Mainview systems monitoring 
tools “sometime in 2003.” D 





Get the Price/Performance Advantage 


With Oracle, Dell and Red Hat 


“Those running Oracle, Dell, and 

Red Hat Linux have a price/performance 
advantage. Users can buy four 4-way 
Dell servers running Oracle and Linux 
with exceptional performance for less 
than a 12 or 16-way proprietary SMP 


system at a hefty savings.” 


Aberdeen 


Learn more about an Oracle 
certified configuration for 


DOLL Breda a 
ORACLE 


oracle.com/linux/dell 
1.800.633.0567 
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200 Cut From UTC Project 


CSC layoffs follow efforts to renegotiate 
troubled $3.7 billion outsourcing deal 


BY TODD R. WEISS 
OMPUTER SCIENCES 
Corp. (CSC) last 
week confirmed that 
it has laid off about 
200 of the 1,600 employees 
who had been doing IT work 
for United Technologies Corp. 
(UTC) under a $3.7 billion 
outsourcing deal. 

The layoffs are the latest, 
and most tangible, evidence 
of friction between the two 
companies on the 15-year out- 
sourcing contract, which is 
due to run through 2014. 

Sources last month said 
CSC was trying to get more 
money from UTC to cover its 
costs on the agreement and 
added that workers assigned 


to UTC were bracing for cut- 


backs [QuickLink 32831]. 

In a statement last week, 
El Segundo, Calif.-based CSC 
said the layoffs included about 
165 workers based at UTC’s 
headquarters in Hartford, 
Conn. The cuts were made to 


help control costs and realign 


resources, according to a CSC 
spokeswoman. She declined 
further comment on why the 
employees were let go. 

UTC spokesman Paul Jack- 
son said executives at the $27.9 
billion manufacturing con- 
glomerate are “watching the 
situation very closely to make 
sure service levels aren’t af- 
fected.” Jackson also declined 
to elaborate on the situation. 

Peter Bendor-Samuel, an 
outsourcing consultant at 


Everest Group Inc. in Dallas, 
said he hasn’t seen the details 
of the contract between CSC 


| and UTC. But it’s obvious that 
| big changes are under way, he 
| added. “Clearly, there’s a re 

| structuring going on,” Bendor- 
| Samuel said. “Two hundred 


| people is a lot of people.” 


| Seeking a Better Deal 


Renegotiations such as the one 
| sought by CSC are becoming 


much more common among 


| Outsourcing partners as com- 


panies look to cut costs wher- 


| ever possible, according to 


Bendor-Samuel. But, he noted, 
it’s often the outsourcing 


| client that pushes for a better 
| deal because of the sluggish 


| economy and increased com- 
| petition among vendors. 


The contract between CSC 


| and UTC was originally signed 


in May 1999 as a 10-year deal 


that involved only UTC’s Pratt 


| & Whitney aircraft engines 
| subsidiary. The agreement was 


expanded that fall to cover all 


| of UTC’s IT infrastructure in 


North America and was then 


| extended by another five years 
last November. 


As part of the outsourcing 
contract, CSC is supposed to 


consolidate 20 major data cen- 
| ters into three facilities and 
| combine UTC’s 15 end-user 
| help desks into a single opera- 


tion. The deal also calls for 


| CSC to standardize about 


45,000 PCs on Dell technology 
and eliminate about 350 of the 


| 2,950 servers that UTC had in 


place when it was signed. 

An unspecified number of 
the workers being dropped 
from the UTC account will be 
offered other jobs within CSC, 


according to the outsourcing 


Handheld Market Share Battle | 
Centers on Price and Features 


| tion with hardware that runs 
| on the Palm OS operating sys- 


Competition to heat 
up by end of year 


BY BOB BREWIN 
Look for competition in the 
handheld computer market to 
heat up by the end of the year, 
as vendors wield lower prices 
and more advanced features in 
their battle for market share. 
On the price front, ViewSon- 


ic Corp. in Walnut Creek, Calif. 


last week set a new price point 
for handhelds running Micro- 
soft Corp.’s Pocket PC operat- 
ing system with the introduc- 
tion of a $299 model. That’s 
about half what iPaq Pocket 


PCs from Hewlett-Packard Co. 


sold for earlier this year. 

HP promises to cross that 
price threshold later this year. 
Roger Frizzell, an HP spokes- 
man, said the company plans 
to introduce a “value line,” as 
well as high-end models with 
added features including bio- 


metrics and telephony. He de- 
clined to elaborate, however. 
Ed Suwanjindar, Microsoft’s 
product manager for mobile 
devices, said users should ex- 
pect lower prices on a variety 
of Pocket PCs shortly. He said 
Microsoft and its hardware 
partners realize that price has 


| been a factor in their competi- 


Palm vs. 
Pocket PC 


& VIEWSONIC introduces 
$299 Pocket PC 

® HP plans to stay competitive at 
low end, add features at high end 
= MICROSOFT vows not to 


lose market share in price war 
with Palm devices. 


BSONY introduces feature. 
laden, $599 Palm-based hand- 


held that runs on same 200-MHz 
Intel chip used in Pocket PC. 


| 


tem. “We are going to take 


| price out of the equation as 


a barrier to adoption” of the 


Pocket PC, Suwanjindar said. 


Michael Murphy, director of 


| IS support services at Carlson 


Hospitality Worldwide, a divi- 


sion of Carlson Companies Inc. 





| in Minneapolis, said he wel- 
; comes competitive pressure on 


high-priced Pocket PCs — with 
a caveat. “I like price wars,” he 


| said. But “what I am concerned 
| about is functionality.” 


Carlson Hospitality has de- 


| tels, and Murphy doesn’t want 


to provide them with low- 


While Pocket PC vendors 
push prices down, Sony Elec- 
tronics headed in the other di- 
rection with last week’s intro- 
duction of a $599, feature-rich 


| . ’ 
handheld running Palm Inc.'s 


firm’s spokeswoman. BD 


new OSS. The Sony Clie model 
runs on a 200-MHz processor 
from Intel Corp. that’s also 
used by Pocket PC manufac- 
turers. Older-model Palm hard- 
ware used 33-MHz chips. 

Ty Takayanagi, Sony’s prod- 
uct manager for the Clie line, 
said Sony chose the Palm OS 
over the Pocket PC because it 


| offers “more flexibility.” 


San Bhavani, an analyst at 


| ARS Inc. in La Jolla, Calif., said 
| the new Sony Clie — which 

| features a built-in digital and 

| video camera as well as an 

| MP3 player — shows that 

| Palm OS “is definitely not 


| dead.” He said the new Intel 


| chip would allow Palm and its 
| hardware partners to “keep up 
| with the Pocket PC in the 


| ployed Pocket PCs to top exec- | 
| utives and managers at its ho- 


megahertz race.” 
Carlson’s Murphy plans to 
stick with the Pocket PC. He 


| said it gives him better appli- 
| cations and development tools 


| priced, stripped-down devices. | 


that run in a familiar Windows 
environment. D 


UNWIRED | 


To access all Computerworld stories on 
handheld devices, visit our Web site 


QuickLink ki000 
www.computerworld.com 





P&G Slows Pace 
Of Outsourcing 
Talks With EDS 


Officials at Electronic Data 
Systems Corp. and Procter & 
Gamble Co. last month said 
they were potentially just days 
away from finalizing a big IT 
and business process out- 
sourcing deal. But P&G has 
now slowed down the talks. 

P&G spokeswoman Linda 
Ulrey last week said the Cincin- 
nati-based maker of consumer 
products is still negotiating 
with EDS. But it will likely be 
“a number of weeks” before 
P&G executives make a final 
decision, she added. 

Ulrey wouldn't say whether 
P&G is also talking with other 
IT services companies, and 
she declined to comment on 
whether EDS’s recent financial 
troubles are causing P&G to 
take a closer look at the out- 
sourcing vendor. “We just 
reached a point where we felt 
we should take a little more 
time,” Ulrey said. 

EDS spokesman John Clen- 
dening also declined to com- 
ment about the talks. Plano, 
Texas-based EDS initially 
dropped out of the bidding for 
P&G in July. But it returned to 
the table last month and ap- 
peared to have the deal sewn 
up when its chief rival, Dallas- 
based Affiliated Computer Ser- 
vices Inc., ended its talks with 
P&G [QuickLink 33070]. 

However, EDS on Sept. 18 
announced that it would fall 
well short of its revenue and 
earnings targets for both the 
third and fourth quarters. The 
company last week said it's 
launching a companywide 
cost-cutting effort that could 
involve layoffs. 

EDS also disclosed that the 
U.S. Securities and Exchange 
Commission has begun an 
informal inquiry related to its 
third-quarter shortfall. The 
company said it's “confident 
the inquiry will confirm its 
actions were proper.” 

~ Todd R. Weiss and 
Juan Carlos Perez, 
IDG News Service 
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Pervasive Computing 
Has Pervasive Problems 


Interoperability, 
security among 
issues to deal Ww ith 


BY PATRICK THIBODEAU 


NASHIN N 
WA N 


HE PROMISE of per- 

vasive computing is 

alluring for Lyle 

Meier, a systems 
architect at ChevronTexaco 
Corp. in San Francisco. Proc- 
essors are turning up in large 
numbers in everything from 
automobiles to aircraft en- 
gines. And someday, smart 
wireless sensors may be wide- 
ly deployed in oil fields — if 
wilderness wireless service 
ever becomes available. 

“Oil has an annoying habit,” 
said Meier. “ 
there are no people.” 

Meier’s point is indicative of 
the problems inherent in per- 
vasive computing — the con- 
cept of tying together embed- 
ded, handheld, desktop and 
networked systems into a sin 
gle fabric with ubiquitous 
reach. Those problems in- 
clude standards and security 
issues, interoperability and the 
lack of IP addresses to handle 
millions of connected devices. 

A federal agency, the Nation- 
al Institute of Standards and 
Technology (NIST), is working 
to address those problems by 
developing the standards and 
measurements needed to stitch 
together hardware and soft- 
ware components and commu- 
nications protocols. 

NIST is also developing a 
business case for users to de- 
mand pervasive computing 


Correction 

IN OUR SEPT. 23 ISSUE, 
Richard Fronheiser's employer 
was misidentified in the story 
“BMC Ups Performance Man- 
agement Software.” Fronheiser 
is a capacity planning specialist 
at American Family Mutual Insur- 
ance Co. in Madison, Wis. 


It occurs where 


| industries in the U.S., 


| nologies,” 
| Arden Bement. 
Indeed, NIST officials stress | 


| systems from vendors. 

| Last week, NIST held its 

| third pervasive computing 

| conference, this time focusing 

| on health care — a paper- 

| mired industry that NIST offi- 

| cials believe can see substan- 

| tial business benefits from 
ubiquitously deployed and 
connected technology. 

“Although the health care 

industry is one of the major 

it has 

been one of the slowest to 


| embrace information tech- 


said NIST Director 


that broad use of electronic 


| records and wireless network- 
| ing could reduce health care’s 





| administrative cost. But the 


lack of standards is a tremen- 
dous hurdle. 

For example, health care 
workers are beginning to use 
personal digital assistants 
(PDA) to access and log in- 
formation as they move from 
patient to patient, but XML 
support isn’t available on all 
PDAs. The manufacturers 
need to be aware of the stan- 
dards needed, and the stan- 
dards have to be fine-tuned 
for portable devices, accord- 
ing to Mark Skall, chief of the 
software diagnostics and con- 
formance testing division of 
the NIST. 

Another problem is devel- 
oping applications that can 





| automatically adapt to differ- 
ent networking environments 
with different bandwidths, 
said Mike Wehrs, director 

of technology and standards, 
Mobility Planning Group, at 
Microsoft Corp. 


| Health Care Uses 


In health care, pervasive com- 
puting could make it possible 
to create a single electronic 
patient record that physicians 
could access regardless of 
what device they use, said 
Dixie Baker, vice president for 
technology at Science Appli- 
cations International Corp., 
a systems integration firm in 
San Diego. 

But many health care sys- 


FTC Examines E-commerce Barriers 


Feds see problems 
with state laws, 
industry rules 


BY PATRICK THIBODEAU 
NASHIN( 


TON 


| ERealty Inc. calls its e-com- 


merce Web site an intranet. 
Access is controlled, and cus- 
tomers must log on to see real 
estate listings — an experi- 
ence intended to model a visit 


| to a broker. But its business 


model may be under attack. 
The National Association 
of Realtors (NAR) next month 
| will decide whether Houston- 
| based eRealty, and companies 
| like it, can have unfettered 
access to property listings. 
The NAR may give brokers 
| fearful of competition the 
| right to block listings on what 
eRealty calls its Virtual Office 
Web site. 
Such a move would force 
| eRealty to undertake coding 
work on its systems and make 
listing information that can’t 
be displayed on the Web avail- 
able to customers via e-mail 
and fax, said George Stephens, 








eRealty’s director of compli- 
ance. IT costs would increase, 
he said. 

Next week, the U.S. Federal 
Trade Commission (FTC) will 
hear from eRealty officials, as 
well as about 70 other experts, 
industry representatives and 
corporate executives, on 
whether states and industry 


| groups are erecting anticom- 
| petitive barriers to e-com- 


merce. It will examine a range 
of industries including auto- 
motive, financial services, 


| pharmaceutical sales, online 


legal services, financial ser- 
vices and retailing. 


Taking Action 

The FTC sees problems. Last 
year, it formed a task force to 
investigate the issue but has 
already made moves to pre- 
vent anticompetitive actions. 


| For instance, in the late 1990s, 


a group of 25 Chrysler dealers 
threatened to refuse to sell 


limited its supply of cars to an 
Internet seller. The FTC filed 
a complaint against the deal- 


| ers, resulting in a settlement 





Thwarting 
Competition? 
The FTC isn't convinced that 


the e-commerce marketplace 
is unfettered. Areas of concern 


include the following: 

RETAILING: Feds are examining 

whether some distributors are dis- 

re tN 
ine. 


REAL ESTATE: Some states are 
requiring attorneys to be physi- 

Cally present for all closings and 
online sellers. 


DEATH CARE: You can buy cas- 
kets online, but some states re- 
al directors at a funeral home. 


| that ended the threat 


Some states bar financial 


| services firms from operating 
| unless they have an in-state 
certain models unless Chrysler | 


office. FTC officials say they 


| can see possible consumer 


protections to such a rule, but 
anticompetitive issues arise if 
consumer choice is restricted. 


www.computerworld.com 


RES 
Federal Efforts 


SECURITY: NIST's Advanced 
Encryption Standard, released 
last year, is critical to pervasive 
computing. 


PERFORMANCE: The agency 
is developing measurements of 
Java performance on embedded 
processors. 


MODELS: To help industry 
better understand complex inter- 
actions, NIST is working on 
pervasive computing models. 


FOUNDATION: NIST is working 
on a wide range of protocols. 


tems are proprietary and 
stymie interoperability. 
“Anything NIST can do 
that can crack that conun- 
drum can help,” said Jeff 
Sutherland, chief technology 
officer at PatientKeeper Inc., 
a health care systems devel- 
oper in Brighton, Mass. D 





Another area is wine sales. 
The FTC will hear from 
Daniel McFadden, the 2000 
Nobel] laureate in economics 
and a California vineyard 
owner. He will urge the FTC 
to combat restrictive sales 
practices, such as a Florida 
law that bars residents from 
having wine shipped in from 
out of state. 

A Florida resident visiting a 
California vineyard can’t have 
wine shipped home, even 
though it would be legal to 
purchase the wine in Florida, 
McFadden said in prepared 
remarks released by the FTC. 
“The Florida legislation is a 
direct attack on interstate 
commerce, making a transac- 
tion illegal simply because it 
crosses state lines,” he wrote. 

Although a wide range of 
| subjects will be covered, one 
key group that won’t be speak- 
ing at the hearing is the NAR. 
The association is still debat- 
ing whether a listing broker 
can control use of listing data 
by competitors. Until a policy 
is set, it isn’t ready to discuss 
the matter, said Laurie Janik, 
the NAR’s general counsel. 
The NAR was invited to speak 
at the event but declined for 
that reason, she said. D 












Tak elias) 





Pert. 


La . - 
ed 


Complement 


Free 


Recognize 


14 coupurerwontn october 7, 2002 


NEWS 


www.computerworld.com 





Dell Increases Q3 
Revenue Forecast 


Dell Computer Corp. raised the 
revenue forecast for its third 
quarter, which ends Nov. 1. Dell 
said it now expects business to 
total $9.1 billion, up from its ini- 
tial prediction of $8.9 billion. The 
new target would amount to a 
22% increase over the $7.5 bil- 
lion in revenue that Dell reported 
for last year’s third quarter. Prof- 
its should be up more than 30% 
year-to-year, the company said. 


IBM, British Drug 
Chain Sign IT Deal 


The Boots Company PLC, a Not- 
tingham, England-based phar- 
macy chain, said it has awarded 
IBM a 10-year IT outsourcing 
contract valued at about $1.1 
billion. Boots said it expects to 
save more than $200 million in 
IT costs because of the deal. 
About 400 IT workers will be 
transferred to IBM but will con- 
tinue to work at Boots’ facilities. 


SAP Taps Ex-Siebel 
Exec as U.S. CEO 


SAP AG named former Siebel 
Systems Inc. executive William 
McDermott president and CEO 
of its U.S. subsidiary in Newtown 
Square, Pa. McDermott, 41, 

was executive vice president of 
worldwide sales operations at 
San Mateo, Calif.-based Siebel 
before leaving that job early last 
month. SAP had been looking for 
a new CEO to run SAP America 
Inc. since May. 


Short Takes 


HEWLETT-PACKARD CO. filed 

a patent infringement lawsuit 
against storage rival EMC CORP., 
prompting Hopkinton, Mass.- 
based EMC to hit HP with a 
countersuit that also claims 
patent violations. . . . Louisville, 
Colo.-based STORAGE TECHNOL- 
OGY CORP. said it is outsourcing 
development and manufacturing 
of its StorageNet 6000 devices. 


| BY LUCAS MEARIAN 
NEW YORK 
"ETWORK Appliance 
Inc. last week took 
its first plunge into 
the storage-area 
|} network (SAN) market by 
announcing a line of storage 
devices that can perform both 
file- and block-level data 
transfers from a single pool 
of disk drives. 

Analysts said the new prod- 
ucts are the first to eliminate 
the differences between SAN 
and network-attached storage 
(NAS) devices. Until now, 
users have had to bridge that 
gap by outfitting disk arrays 
with a gateway device, such as 
a NAS engine or “head” that 
has its own operating software. 

At a press conference here, 
Network Appliance executives 
said the Sunnyvale, Calif.- 
based company has upgraded 
its Data OnTap software to 


| support Fibre Channel SANs 


in addition to NAS applica- 
tions. The combination of the 
software and the new Fabric 
Attached Storage 900 (FAS900) 


| hardware is aimed at greatly 


reducing storage management 
headaches and wasted disk 
space for corporate users, Net- 
work Appliance said. 

The company introduced 


| two FAS900 models that have 


8TB to 32TB of storage space 
(see box). The devices are 
priced from $150,000 to $1 mil- 


| lion, and Network Appliance 


said their capacity will be in- 
creased to 48TB by mid-2003. 


| NAS Evangelist 


While rival vendors have pur- 
| sued SAN technology, Net- 
work Appliance has spent the 
past 10 years evangelizing for 
NAS devices. But Dave Hitz, 
executive vice president of 
engineering at Network Appli- 





ance, said the company is get- 





Vendor's new devices, software upgrade 
support both storage approaches 


ting into the SAN market be- 
cause of user demand. He said 
SAN technology has also open- 
ed partnerships for Network 
Appliance, including deals to 
resell storage switches made 
by McData Corp in Broom- 
field, Colo., and Brocade Com- 
munications Systems Inc. in 
San Jose. 

Rick Hulsey, a system design 
engineer at Southwest Airlines 
Co. in Dallas, said the airline 
bought a pair of the FAS900 
devices two months ago as a 
beta tester and is using their 
NAS capabilities to reduce the 
time it takes to back up data. 

Southwest already stores 
1STB of data on 16 older Net- 





NetApp Tries to Bridge 
‘The SAN/NAS Divide 


| work Appliance file servers 


and now needs less than five 
minute to complete some 


| backups that previously took 


seven to 10 hours, Hulsey said. 
But, he added, what he’s 

“really salivating over” is Net- 

work Appliance’s plan to add 


| support for native SCSI over 


IP connectivity to the FAS900 
line next year. “We can use 
that to take advantage of our 
Cisco infrastructure,” he said. 

The FAS900 devices can 
manage both NAS volumes 
and SAN logical unit numbers 
and allocate storage between 
the two modes, Hitz said. 
“The No. 1 advantage to our 
approach is simplicity. The 
vast majority of applications 
can go either way [SAN or 
NAS], anyway,” he said. 

Steve Duplessie, an analyst 


Sun Fights Back With 
Workgroup Disk Arrays 


Line aims to regain 
sales company lost 
to competitors 
BY LUCAS MEARIAN 
Looking to reclaim sales it has 
lost to rivals such as EMC 
Corp. and Hewlett-Packard 
Co., Sun Microsystems Inc. 
last week announced a line of 
midrange disk arrays targeted 
at workgroup applications. 

The first model in Sun’s 
StorEdge 3300 series is due to 
ship in mid-October with a 
capacity of 3.4TB. The arrays, 
which were developed for Sun 
by Carlsbad, Calif.-based Dot 
Hill Systems Corp., support 
Sun’s entry-level servers and 
rival systems running under 
Linux, Unix and Windows. 
Prices start at $7,000. 

“This is aimed at the volume 
user — customers that buy 
smaller servers that eventually 





need expansion,” said Mark 
Canepa, executive vice presi- 
dent of network storage at Sun. 
That’s a market where Sun 
has had problems in storage, 
said Steve Duplessie, an ana- 
lyst at Enterprise Storage 
Group Inc. in Milford, Mass. 
The former Compag Comput- 
er Corp., now part of HP, “has 
run willy-nilly over Sun” at the 
workgroup level, he said. 


AT A GLANCE 


On the 
StorEdge 


Sun's new disk arrays include: 


= Maximum storage capacity 
of 3.4TB 

* Hot-swappable drives 
® Single or dual RAID 
controllers 


= Browser-based remote 
management software 





parate No More 


pe ver 


att 


at Enterprise Storage Group 
Inc. in Milford, Mass., pre- 
dicted that Network Appli- 
ance will have success selling 
its well-established NAS in- 
stalled base. The combined 
SAN/NAS functionality is “a 
fantastic feature for existing 
customers,” he said. D 
STATE OF STORAGE 
For comprehensive coverage of storage- 


related issues, visit our Web site 


QuickLink k1700 
www.computerworld.com 


But the addition of the 
StorEdge 3300 lets Sun “cover 
all their own bases,” Duplessie 
said. “This is a viable, compet- 
itive midrange product.” The 
new arrays should appeal to 
Sun server users that would 
rather deal with one hardware 
vendor than two, he added. 

Bruce Baumgarte, a techni- 
cal staff member at Dallas- 
based Texas Instruments Inc., 
is testing a StorEdge 3310 for 
storing the software used to 
boot the semiconductor mak- 
er’s Sun Fire 4800 and V880 
servers. “It looks like a good 
piece of hardware to me,” 
Baumgarte said. 

But the competition isn’t 
letting up on Sun. Hopkinton, 
Mass.-based EMC today plans 
to expand its line of midrange 
arrays by adding the Clariion 
CX400, a follow-on to the 
CX600 model it announced in 
August [QuickLink 32019]. 

EMC officials said the 
CX400 has a storage capacity 
of up to 4.4TB and will be 
resold by Dell Computer 
Corp. List prices start at 
$66,000 for a I80GB model. B 
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Teradata Mixes Real-time, 
Historical Data Analysis 


NCR unit readies 
data warehouse 
software upgrade 


BY MARC L. SONGINI 

NCR Corp.’s Teradata division 
is upgrading its namesake data 
warehouse software so that 
companies can use it as a sin- 
gle repository that supports 
both real-time and strategic 
data analysis applications. 

Dayton, Ohio-based NCR 
last week announced Teradata 
Warehouse 7.0, which is due 
for release in December. NCR 
said the new version will offer 
nearly 150 enhancements, in- 
cluding improved query per- 
formance and a Web browser- 
based user interface for 
launching queries. 

The software is built around 
an upgraded version of Tera- 
data’s decision-support data- 
base, which is called Version 2 
Release 5 (V2R5) and is now 
in beta testing. The upgrade 
will let end users launch 
either complex searches of a 
data warehouse or smaller, 
more specific queries, said 
Vickie Farrell, vice president 
of Teradata warehouse mar- 
keting. 

That should make it possi- 
ble for Teradata customers to 
cut their IT costs by collaps- 
ing data marts and other small 
analytical databases into a sin- 
gle data warehouse, she said. 
They can also cut down on the 
cost of maintaining and syn- 
chronizing various business 
intelligence applications. 


More Data for Queries 
Currently, Teradata users can 
run exhaustive queries against 
pools of historical data. In ad- 


dition, Teradata Warehouse 7.0 | 


will support queries that in- 
corporate real-time and his- 
torical data simultaneously. 
For example, Farrell said, a 
fraud-detection application at 
a credit card company might 
detect a suspicious transaction 
by a consumer and then use 
the Teradata software to check 
that purchase against records 


| stored in a data warehouse. 

| The performance improve- 
| ments in Teradata Warehouse 
| 7.0 include a load-balancing 
feature that can prioritize 
time-sensitive queries without 


put, Farrell said. Users will 
also be able to partition 
chunks of related data, such as 
| monthly or weekly sales rec- 
ords, and run queries against 

| them on a single server proc- 


| Ce etre) 


At its user conference in Las 
Vegas, Teradata also announced: 


= The release of Version 3.0 
of its Demand Chain Management 
software, which is designed to 
help retailers automate inventory 
replenishment 


® An expansion of its appli- 
cations for manufacturers, in- 
cluding new analytical supply 
chain software 


= A program that lets users 
install Teradata’s marketing 
analysis software for a six-month 
trial to measure potential ROI 


Continued from page 1 


‘Home Depot 


| technology,” said DeRodes, 
| who joined Home Depot early 





this year. But, he added, “be- 


| cause of the rate of [technical] 


change, the last guy in has the 


| advantage. That’s us.” 


The Home Depot system 


| will initially consist of two 32- 
| processor IBM p690s connect- 


| ed together to function as one 
| logical unit. The size of the 

| data warehouse can be ex- 
panded by adding more serv- 
ers and is “virtually unlimit- 
ed,” DeRodes said. 

The first phase will be used 
| to automate performance 
management functions for 
| Home Depot’s 300,000 em- 
ployees. The company is 
building in metrics to measure 
worker performance as part of 
an effort to retain and reward 
its personnel, DeRodes said. 





slowing down overall through- | 


NEWS 


| essor instead of distributing 
the information across multi- 
ple CPUs. 

The promised performance 
boosts sound particularly in- 
teresting to Dean Cox, manag- 
er of network planning and 
| provision support at BellSouth 
Corp., an Atlanta-based tele- 
communications company. In 


ture could boost the speed of 
queries connected to monthly 
or weekly network perfor- 
mance numbers, she said. 
BellSouth uses a customized 
installation of Teradata’s cur- 
rent V2R4 daiabase to run a 
data warehouse that helps the 
company predict and avoid 
system outages during peak 
network usage times. But Cox 


be able to home in more 
quickly on specific pieces of 
data for querying purposes. 

Teradata’s new browser- 
based user interface should 
make it much easier for non- 
IT workers to run queries, said 
Andrew Braunberg, an analyst 
at Current Analysis Inc. in 
Sterling, Va. That may give 
Teradata’s software an edge 
against rival applications sold 
by IBM and Oracle Corp., he 
added. D 


Managers at Home Depot will 
be able to access the data 
warehouse and run queries 
through a preconfigured dash- 
board user interface, he added. 
The next step, scheduled to 

begin in the first quarter of 
next year, will be to feed in 


| transactional information. 


Eventually, the data warehouse 
will take near-real-time feeds 
of sales data and assist with 
pricing, inventory forecasting 
and space management inside 
stores, DeRodes said. 

Kevin Murphy, vice presi- 
dent of information manage- 
ment at Home Depot, said the 
retailer has as many as 100 
mainframe-based DB2 databas- 
es. But they’re used only for 
production applications and 
can’t be accessed via the Web, 
Murphy said. 

Paula Rosenblum, an analyst 
at AMR Research Inc. in Bos- 
ton, said the Home Depot con- 
tract is a particularly big win 





said users at BellSouth want to | 


| Channel encrypted 
for authentication 


| 
| BY JAIKUMAR VIJAYAN 
UN MICROSYSTEMS Inc. 
this week will boost 
the capabilities of its 
Sun Open Net Environ- 
ment (ONE) Portal Server 6.0 
| technology with new secure 
remote access functionality. 
The Secure Remote Access 
6 product will allow users to 
securely access applications 
and services hosted on Sun 
ONE portals from any remote 
client using standard brows- 
ers, according to Sun. 

Sun’s portal server software 
comes with integrated identity 
management functions aimed 

| at enabling access control, 

| policy management and single 
| sign-on. This week’s an- 

| nouncement “is about en- 


for IBM in the data warehous- 

ing market. Deals of this size 
typically go to Teradata, the 

| data warehousing division of 
Dayton, Ohio-based NCR 

Corp., Rosenblum said (see 

related story at left). 

| Home Depot is ahead of 

| other retailers in some IT ar- 

| eas, such as its deployment of 

| wireless Java applications in 
its stores, Rosenblum said. But 

| it lags behind in data ware- 
housing, she added. Different 

| retailers “often have islands of 
profound automation for some 
segments of their business and 
islands of despair in other de- 

| partments,” Rosenblum said. 

In a survey on IT spending 

| in the retail industry this year, 

| 29% of approximately 100 re- 

| spondents said the implemen- 

| tation of business intelligence 

applications will be the most 

important IT-related strategic 

initiative for 2003, according 

to Rosenblum. D 
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Sun ONE Portal 
Gets Secure 
Remote Access 


particular, the partitioning fea- | 


abling an enterprise to give an 
extranet or remote access ca- 
pabilities to either an employ- 
ee or business partner,” said 
Adam Abramski, a Sun prod- 
uct manager. 

Remote users can access the 
portal services via a browser, 
and user authentication and 
access control functions are 
handled over an encrypted 
channel between the remote 
client and the Sun ONE identi- 
ty management server. 

All communications be- 
tween client and portal are 
protected using standard 
cryptographic algorithms such 
as Secure Sockets Layer (SSL) 
and Triple Data Encryption 
Standard (DES), according to 
Abramski. 

It’s this “[virtual private net- 
work]-on-demand capability” 
that makes the Sun ONE Por- 
tal Server’s remote access sup- 
port appealing, said Gary 
Horn, manager of network 
services at Advocate Health 
Care in Oak Brook, Ill. 

Advocate is using the portal 
technology to deliver patient 
care and other content to 
physicians and its associate 
organizations. Previously, such 
users would have to use dial- 
up connections to log into Ad- 
vocate’s servers to get the 
data. D 


Sun’s Portal 
Technology: 


# Lets users log into business 
portals from anywhere using stan- 
dard browsers, 


u Uses the Sun ONE Portal 
server as the centralized identity 
Management and access control 
server. 


CARES OEE eD DORMS ea FERS bee 


= Supports encryption stan- 
dards such as SSL and Triple DES. 
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All too often, data critical to internal decision-making is scattered throughout your enterprise, and you need to 


collect and present it in a way that makes sense—quickly. Microsoft” SQL Server™ 2000 Enterprise Edition with Analysis Services unifies and 


analyzes data from various systems using Data Mining and Data Transformation Services. Analytics built into Data Analyzer make information 


available immediately to the employees who require it, in a way that makes decision-making easier and more effective. And that’s important, 


because when vital decisions are put off, so are profits. That’s one degree of separation. That’s business intelligence with .NET. Find out how 


-NET connected software can help you see the big picture. Go to microsoft.com/enterprise Software for the Agile Business 





* CompUSA used Microsoft SQL Server 2000 with Analysis Services and Data Transformation Services to extract point-of-sale 


data from 228 stores, 150 applications, and numerous databases, and then integrate the information into one data warehouse. 
a — . Now, not only are employees able to get a clearer picture of the business at large, but the 


quick delivery of data means they can adjust to meet opportunities as they knock. 
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Don’t Count Us Out, 
Says Novell's CTO 


Nugent: One Net plan, 
better marketing set 
stage for rebound 





BY MATT HAMBLEN 
LAN NUGENT became Novell 
Inc.’s chief technology offi- 
cer in June. Nugent, who 
previously held CIO jobs at 
two companies, spoke with Computer- 
world last week about Novell’s strategy 
and his reasons for joining the soft- 
ware and services vendor. 


What will be the big business focus areas for 





Novell? There are four. One is the Web 
applications development space, with 
our Extend product. Next is secure 
identity management, a collection of 
technologies and services that address 
provisioning across the network and 


| directory-based policy management, 


such as single sign-on. The third is 
cross-platform network services, 
which include traditional network ser- 
vices that are now available on Linux, 
Windows and Solaris. Lastly, it’s con- 
sulting and technical services. 


What do you offer in services that other ven- 
ders don’t? We tend to offer what others 
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offer, but we come at it from a 
slightly different perspective. 
We’re not in there to help a 

customer implement an appli- 
cation package. We’re there to 


| help them solve a business 


problem that typically goes 

across application areas. Say I 

want to have a portal that gives 

my employees access to fi- 

nance and HR and manufactur- 

ing apps, with one view into tradition- 
al silo areas. There are very few [ser- 
vices] vendors that can do that well. 


How is the poor economy affecting Novell? 
We don’t see the economy any differ- 
ently than anybody else does right 
now. From the industry perspective, 


| everybody is collectively holding their 


breath to see when things go back to- 
ward normal. [At] Novell, this is a 
good year for us. We've had two prof- 
itable quarters, and our business has 
grown over last year, so I guess our ex- 
pectation is that as market conditions 
improve, we’ll improve along with the 
market. 


Why did you join the company, especially 
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when so many people have been 
asking, “What happened to Novell?” 
It’s an interesting question. I 
joined for a variety of reasons. 
I'd been a Novell customer over 
the years and had seen both the 
growth Novell experienced and 
the market and technical lead- 
ership they had, and I also 
watched Novell struggle a little 
bit over the past few years. The 
drawing card for me was the direction 
that the company has established 
strategically around the “One Net” 
[Novell’s vision for helping users to 
consolidate multiple networks]. 

Novell has for many, many years 
done a good job of marketing to its in- 
stalled base, but we need to do a better 
job of listening to the greater market, 
people who are customers and who are 
not customers, and focusing on the 
business side. People should stay 
tuned: The next Novell is coming. D 


NOVELL'S WEB TOOLS UPGRADE 


The vendor is adding Java 2 Enterprise Edition support 
and other new features to its Extend product line 


QuickLink 33358 
www.computerworld.com 








IBM Readies Software 
For Monitoring Storage 


Rollout of resource 
management tools 
follows acquisition 


| BY LUCAS MEARIAN 


Taking advantage of its August acquisi- 
tion of TrelliSoft Corp., IBM this week 
plans to introduce storage resource 
management software that lets IT 
managers track usage of disk and tape 
devices made by multiple vendors. 
IBM said the Java-based Tivoli Stor- 
age Resource Manager suite offers ca- 
pacity-alert and end-user chargeback 
capabilities, plus 300 preset reports. 


| The software can be used to monitor 


disk space and set usage thresholds on 
storage products from IBM and rivals 
Hewlett-Packard Co., EMC Corp., Hi- 
tachi Data Systems Corp. and Storage 
Technology Corp. It also supports 
disks built into Unix, Linux and Win- 
dows servers, IBM said. 

The hardware-agnostic approach 
lets IT administrators define policies 
for managing storage across different 
devices, said Jose Iglesias, director of 





storage products for IBM’s Tivoli Soft- 
ware unit in Austin, Texas. 

Tim Masey, manager of IT infra- 
structure at the Joint Commission of 
Accreditation of Healthcare Organiza- 
tions in Oakbrook Terrace, IIl., in- 
stalled the IBM software’s alert feature 
set last month. He said the technology 
has cut from hours to minutes the time 
it takes to measure disk usage levels on 
three Compaq Storage Works arrays, 10 
HP-UX servers and 60 Windows 2000 
servers. 

“I used to have a network adminis- 
trator go out and do a study on each of 
the systems and report on them manu- 
ally,” Masey said. He added that he 
would like to see IBM add dynamic 
storage allocation capabilities to the 
software, so more space can automati- 
cally be made available when an appli- 
cation reaches a capacity threshold. 

Masey said he paid less than 
$100,000 for Storage Resource Manag- 
er. The software is priced on a per- 
processor basis and should cost an av- 
erage of about $2,000 for each server, 
according to IBM. D 
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Court Sides With Geac in 
Mainframe Software Case 


-anel rules that 
vendor's copyright 
was infringed 
BY JAIKUMAR VIJAYAN 
A ruling last month in a long- 
standing legal dispute could 
have big ramifications for 
companies that use third par- 
ties to maintain packaged 
mainframe applications. 

The U.S. Court of Appeals 
in Philadelphia ruled that Par- 
sipanny, N.J.-based Grace Con- 
sulting Inc. violated copyright 
laws by providing add-on soft- 
ware and maintenance ser- 
vices to users of Geac Com- 


puter Corp.’s mainframe appli- | 


cations. The appeals court’s 


cs 7 


decision overturned a June 
2000 judgment in favor of 

| Grace by a U.S. District Court 
judge in Newark, NJ. 

The appeals court also rein- 
stated Markham, Ontario- 
based Geac’s claim that Grace 
misappropriated trade secrets 
as part of providing its main- 
tenance services. That claim 
| had been dismissed by the 
trial judge. 

“In essence, what the [ap- 
| peals] court is saying is that 
the modification of code with- 
out the owner’s explicit con- 
sent constitutes copyright in- 
fringement,” said John Trent, 
legal counsel for Geac. 

“We feel completely vindi- 
cated,” added Jay Sherry, a se- 





NEWS 


nior vice president at Geac. 
The verdict in the 8-year-old 
case will “effectively prevent 

| Grace from continuing to vio- 
| late our copyright,” he said. 

But Maxwell Blecher, 
Grace’s attorney in a separate 
$75 million antitrust lawsuit 
that the firm filed against 
| Geac in March, said the ver- 
| dict creates a dangerous 
precedent. 

“It’s a little scary to suggest 
that somebody with a copy- 
right has the prerogative to 
refuse any third party from 
servicing its software,” said 
Blecher, a partner at Blecher & 
Collins LLC in Los Angeles. “It 
gives such people a monopoly 
on their service business.” 

The copyright case dates 
back to 1994, when the former 
Dun & Bradstreet Software 
filed suit against Grace. D&B 
Software, which was acquired 
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Geac vs. Grace 


MARCH 1994: Grace Consulting 
is sued for violations by 
D&B Software, later is 
acquired by Geac, 

JUNE 2000: AU.S, District 
Court judge sides with Grace. 


MARCH 2002: Grace files a $75 
million antitrust suit against Geac, 
which is still pending. 


SEPTEMBER 2002: An ap- 
peals court rules that Grace violat- 
ed Geac’s copyright. 


by Geac in 1996, claimed that 
Grace illegally copied, sold 
and modified its software 
while providing third-party 
maintenance services to users. 
Grace admits to using add- 
on software systems that in- 
teroperate with Geac’s soft- 
ware through the use of Cobol 
CALL and COPY commands. 


How will you-know where he’s been, 


and what damage he’s done? 
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To make that work, Grace de- 
veloped a program that ex- 
tracts data from one of Geac’s 
human resources applications 
and executes the code. 

But the development work 
was aimed solely at making 
Geac’s software more interop- 
erable, claimed Anthony 
Ilutzi, Grace’s president. At no 
point did Grace modify the 
applications or create deriva- 
tive products from Geac’s 
code, Ilutzi said. He contend- 
ed that the lawsuit is an at- 
tempt by Geac to stop lower- 
cost rivals from stealing ser- 
vices business. 

As a result of the appeals 
court’s verdict, Grace probably 


| will have to modify the way its 


software interacts with Geac’s 
applications, Ilutzi said. But 
Grace will continue to provide 
services to its 80 Geac cus- 
tomers as usual, he added. D 


For a FREE 30-day 
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OPINION 


MARYFRAN JOHNSON 


Avoid the ‘Gotcha’ 


F YOU’VE EVER had consultants perform a 
security audit on your network then you 
know all about the “gotcha report.” That’s 
what security wonks call the big, thick, over- 
whelming document handed over after an 


audit that shows the re- 
sults from automated 
scans used to pinpoint 
the thousands of vulnera- 
bilities and likely attack 
points on your company’s 
network. 

Unfortunately, it’s 
about as useful as a “to- 
do” list that’s 60,000 
items Icng. 

“Security auditors love 
to run those big, fat 
gotcha reports. They 
think they’re proving that systems 
administrators don’t know any- 
thing,” said Alan Paller, research 
director at The SANS Institute. “But | 
knowing about those 60,000 things | 
doesn’t help you solve the problem. | 
All it’s doing is flooding you. So, like | 
an engine, you don’t start.” 

The mind-numbing extent of the 
problem is why Gartner can so con- 
fidently predict that 90% of the ex- 
pected cyberattacks on businesses 
this year will take advantage of 
known, well-documented vulnera- 
bilities. That’s right. Holes in your 
network, gaping open and inviting 
invasion by anyone from script kid- 
dies to criminal hackers. The Code 
Red and Nimda viruses, which to- 
gether cost businesses billions of 
dollars in losses worldwide, both ex- 
ploited known vulnerabilities. 

But what if the massive to-do list 
for securing networks could be 
trimmed to a manageable size? What 
if somebody not only pointed out 
the flaws but also supplied fixes? 

That’s what happened last week, 
when the General Services Adminis- 
tration released its third annual list 
of the top 20 Internet security 
threats plaguing both Windows and 
Unix systems. The list, created by 





the FBI and The SANS 
Institute (www.sans.org/ 
top20), had a truly no- 
table difference: work- 
able, practical solutions 
presented alongside the 
problem. 

Standing up with the 
feds at the announce- 
ment in Washington 
were representatives 
from a handful of pri- 
vate-sector security 
companies that special- 

ize in network vulnerability testing 
(see today’s News section). They 
were ready with a bunch of tools 
and services — both commercial 
software and freeware — already 
updated to check for the latest top 
20 threats. This kind of public/pri- 
vate partnership sets a great exam- 
ple, and one that our industry 
should applaud. 

But we can’t stop there. The fact 
that so much software, the majority 








of it from Microsoft, ships in a state 
of deplorable security is no longer 
acceptable. Better scanning tools 
and comprehensive lists of common 
vulnerabilities are a fine and neces- 
sary defense, but what about the of- 
fense? Patricia Keefe has said it here 
before, but it needs to be said again 
— and again. The IT community 
needs to raise its collective voice 
and lower the financial boom by re- 
fusing to buy products that aren’t se- 
cure right out of the box. 

It’s widely believed in government 
circles that the massive buying pow- 
er of certain federal agencies — and 
the threat of that financial tap being 


| turned off — was the real reason Mi- 


crosoft officials suddenly got securi- 
ty religion earlier this year. Money 


| does talk, and we know what walks. 


Are you using the buying power of 


your IT organization to apply the 


same pressures to your vendors? 
Have you made secure systems a 
condition of doing business with 
your firm? Have you established 
your own baseline security stan- 
dards, endorsed and supported all 
the way up through the CEO? These 
are key questions to keep in mind as 


| you examine any new products, par- 
| ticularly wireless ones. D 
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XML, SOAP 
Can Bring On 
Tax Credits 


HERE ARE more than 

150 state and federal 

job tax-credit programs 
that companies can apply for, 


but the paperwork associated 
with the hiring of veterans, minorities 
or those who live in enterprise or em- 
powerment zones discourages busi- 
ness from earning those credits. 

Fortunately, new permutations in 
the way XML and SOAP interact with 
corporate HR and accounting databas- 
es will make it easier to get those tax 
credits and harder to use bureaucratic 
burdens as an excuse not to get them. 

By automating the hiring applica- 
tion procedure via an in-store kiosk, 
companies such as Home Depot, 
Blockbuster and Target can quickly 
determine the tax ad- 
vantages of each ap- 
plicant. A straightfor- 
ward questionnaire 
screens for federal 
and state tax credit 
qualifications by 
combining prepro- 
grammed employer 
information with ap- 
plicant data. 

The kiosk system 
pulls the appropriate 
form from a database 
running on a service provider’s host 
using a SOAP interface in a Web ser- 
vices application. Upon completion of 
the form, hiring managers can instant- 
ly see the tax credits that would accrue 
every quarter for the new employee. 
This information is then transmitted 
directly to the corporate tax director, 
who can enter the dollar amount right 
on the company’s tax forms. 

In California, for example, compa- 
nies can earn up to $30,000 in tax 
credits per employee, depending on 
qualifications. This is a dollar-for-dol- 
lar credit that could potentially turn 
an HR department into a profit center. 

This integration of tax credit data 
into the hiring process comes from the 
nation’s largest tax-credit screening 
company, Phoenix-based ITax Group 
Inc., which produces the question- 
naires in English and Spanish. 

SOAP and XML data from the tax 
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credit form are connected to a compa- 
ny’s hiring management system. The 
system also generates reports on the 
entire tax-screening process so man- 
agers know how many applicants qual- 
ify for the credits and how much the 
company can earn participating in var- 
ious programs. 

More than 80% of Fortune 500 cor- 
porations currently take advantage of 
some job tax credit program, but Web- 
based IT screening should make these 
government programs available to 
more companies. 

I know IT isn’t considered a typical 
venue for advancing social and politi- 
cal goals. Rather, it’s routinely called 
upon to boost the bottom line by trim- 
ming or automating functions from 
the company’s operations and lubri- 
cating the wheels of e-commerce. But 
there’s money available to your com- 
pany, and XML and SOAP are making 
it easier for you to collect. Applying 
the technology will help your prof- 
itability, and you'll be encouraging the 


hiring of more people who will benefit 


the most from jobs. 
There’s nothing wrong with feeling 
good about making money. D 


Avoid Wiping 
Out on New 
CRM Wave 


ERE’S A RIDDLE: 

What costs $100 mil- 

lion and doesn’t work 
70% of the time? Answer: a 
customer relationship man- 
agement system. That’s what Gartner 
Inc. reported last year about large- 
scale CRM implementations. Execu- 
tives responsible for overseeing such 
egregious wastes of corporate re- 
sources ought to thank their lucky 
stars for all the media attention de- 
flected by the recent corporate ac- 
counting scandals. 

It’s convenient to blame vendors 
and consultants for this sort of thing, 
and I wouldn't entirely disagree. But 
too many companies jumped into 
CRM projects without clear strategies 
or sufficient buy-in from top manage- 
ment, paid too much attention to the 
technology piece of the sojution, and 
radically underestimated the com- 
plexity involved in rethinking their 
approaches to customer relationships. 


Vendors only added more 
fuel to the fire. 

Despite this history and 
today’s tight budgets, ana- 
lyst firm Aberdeen Group is 
predicting a compound an- 
nual growth rate for total 
CRM spending of nearly 
10% through 2005. 

However, there’s a new 
wave of CRM projects that 
are scaled down, shorter in 
duration and much more 
closely monitored for return 
on investment. A CIO maga- 
zine survey published in 
May revealed that 49% of 
CRM projects will be com- 
pleted in less than 12 months and 70% 
within 18 months. Moreover, 64% of the | 
respondents indicated that their CRM 
systems are being implemented incre- 
mentally though smaller pilot projects 
instead of as a single enterprisewide 
project built with full-service software 
suites. Many companies are opting for 
smaller CRM packages and adding 
more later, patching together their vari- 
ous customer systems or outsourcing 
some pieces, such as call centers. 

But you can still get in big trouble in 


a “CRM lite” world. My 
firm analyzed more than 
150 CRM projects and 
learned that organizations 
ought to be focusing more 
than ever on people (vs. 
process or technology) if 
they want to succeed. Here 
are a few pointers from the 
study: 

Breed a strong line of project 
champions. Top performers 
like to stay on the move in 
their careers, which 
wreaks havoc on their 
projects. Be certain that 
the carefully selected 
champions you've attract- 

ed at all levels to guide your CRM 
project don’t bolt before qualified suc- | 
cessors can take their place. 
Do a formal stakeholder analysis and plan. 
Diplomacy plays a big part in CRM 
projects, especially over time in places | 
where hot political issues and person- | 
al vendettas pose serious threats. 
Stakeholders must be identified, their 
roles recognized, their interests ac- 
knowledged and their relationships to 
other stakeholders understood. Map 
this out in a structured fashion in or- 


der to plan what’s necessary to influ- 
ence each stakeholder and boost the 
chances for project success. 

Organize a CRM project management 
office. Staffed by both business and IT 
workers, this office would be responsi- 
ble for training users and actively 
finding ways to incorporate CRM into 
daily routines. It would also provide 
structure and processes for collecting 
information in a single spot and mak- 
ing it visible to all who need it. 

Keep it simple, and exercise patience. 
CRM requires significant personal 
change for those involved, not just ad- 
justments to systems and processes. 
Resistance can be subtle, elusive and 
exhausting. CRM veterans caution 
that time and effort are easily under- 
estimated, especially the large amount 
of education, communication and pa- 
tience required as psychological and 
emotional adjustments are made. 

Technology should always come last 
with CRM, after you have determined 
what needs automation, designed solu- 
tions and developed a road map. D 


WANT OUR OPINION? 


For more columns and links to our archives, go to 
www.computerworld.com/opinions 





App Dev’s Demise 


ATRICIA KEEFE’S column on the | 
results of Computerworld’s sur- | 


vey on the future of IT [QuickLink 
32827] calls for rebuttal. Having 
been deeply involved in program- 
ming and systems for the last 35 
years, I've seen the near demise of 
thoughtful application development 
It's been replaced with an all-over- 
the-ballpark approach that cobbles 
together bits of automata and jury- 
rigged manual processes in hopes 
of solving problems without spend- 
ing much effort or cash. If a system 
has a “webby” look and feel or has 
the colorful trappings of a GUI OS, 
executives are lulled into believing 
their businesses are being provided 
quality solutions. The advent of mar- 
keting hype and glitzy claims about 
PCs and automated tools have 
fooled executives into believing that 
machines can replace thinking - 
point-and-click in place of analysis, 
cut-and-paste in place of software 
engineering. The myth is that a few 
clerks with e-mail, word processing 
and query tools tied toa LAN can 
build industrial-strength business 
systems. | disagree mightily that IT 


shops should shrink. But, in dismay, 

| agree that they probably will shrink 
anyway 
Don Kilmark 

DAI Daniels Associates, 
Indianapolis 


Take Control 


COULDN'T AGREE more with Eric 
| Goldfarb’s article “Answer the 
[ nk 32918]. The need 
r IT career knowledge 
ly on our own shoul- 
farb's suggestions are 
rate, and motivating, too. | love 


please keep up the 
great work. | plan to treat this article 
5 a blueprint to prevent slumps that 
periodically occur in my career 
Chery! Garrett 


IT manager, Miami 


‘Tm a Prima Donna’ 
HE ARTICLE “Singing for Them- | 
T ” [QuickLink 32735] hit 
close to the mark. | am a prima 
donna. | never thought of myself 
that way before, but your descrip- 
tion was almost uncomfortable. | 


seives 


was fortunate enough to have a 
manager whose instincts hap- 
pened to follow the suggestions in 
the article. They do work. | am more 
socially skilled than most of my 
peers (that is, | value the quy who's 
willing to do the grunt work), but | 
have to really work at keeping my 
mouth shut. It's not an easy task 
Prima donnas are a different breed. 
We're good and we know it. Most of 
our arrogance is based on fact: We 
deliver. And as far as management 
goes, you can keep it. | may have 
learned how to contain myself, but | 
have no desire to learn politics, deal 
with idiots or hear how someone 
has a better cube than someone 
else. Just give me work and leave 
me alone 

Pat Flickner 


Lead programmer, Phoenix 


E HAVE AN ALIAS for prima 

donnas: geeks. | work with 
young geeks who can't understand 
why things needed to be dumbed 


| down for end users (referred to as 
| “lusers”). But our geeks are sensi- 
tive, wonderful and delightful peo- 


ple. As the technical lead and presi- 


| dent of the company, | give them 


plenty of freedom to do what they 
want. Handling customers? | do 
that. There's a functional separa- 
tion that needs to be observed 
People perform best in their 
spheres. Geeks need freedom in 
architecture, workplace and flexibil- 
ity. When given it, they produce the 
best, for who else would work night 
and day to produce software with 
great architecture? Not necessarily 
the nice guy who spends time so- 
cializing and delegating work to 
others! 

Ranga Nathan 

President, Reliance Tech- 
nology, Chelsea, Mass. 
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Avoid the ‘Gotcha’ 


F YOU’VE EVER had consultants perform a 
security audit on your network then you 
know all about the “gotcha report.” That’s 
what security wonks call the big, thick, over- 
whelming document handed over after an 


audit that shows the re- 
sults from automated 

scans used to pinpoint 

the thousands of vulnera- 
bilities and likely attack k 
points on your company’s \ 
network. 

Unfortunately, it’s 
about as useful as a “to- 
do” list that’s 60,000 
items long. 

“Security auditors love 
to run those big, fat 
gotcha reports. They 
think they’re proving that systems 
administrators don’t know any- 
thing,” said Alan Paller, research 
director at The SANS Institute. “But 
knowing about those 60,000 things 
doesn’t help you solve the problem. 
All it’s doing is flooding you. So, like 
an engine, you don’t start.” 

The mind-numbing extent of the 
problem is why Gartner can so con- 
fidently predict that 90% of the ex- 
pected cyberattacks on businesses 
this year will take advantage of 
known, well-documented vulnera- 
bilities. That’s right. Holes in your 
network, gaping open and inviting 
invasion by anyone from script kid- 
dies to criminal hackers. The Code 
Red and Nimda viruses, which to- 
gether cost businesses billions of 
dollars in losses worldwide, both ex- 
ploited known vulnerabilities. 

But what if the massive to-do list 
for securing networks could be 
trimmed to a manageable size? What 
if somebody not only pointed out 
the flaws but also supplied fixes? 

Chat’s what happened last week, 
when the General Services Adminis- | 
tration released its third annual list 
of the top 20 Internet security 
threats plaguing both Windows and | 
Unix systems. The list, created by | 


MARYFRAN JOHNSON is 
editor in chief of Comput- 
erworld. You can contact 
her at maryfran johnson® 
computerworld.com. 


the FBI and The SANS 


Institute (www.sans.org/ 


top20), had a truly no- 
table difference: work- 
able, practical solutions 
presented alongside the 
problem. 

Standing up with the 
feds at the announce- 
ment in Washington 
were representatives 
from a handful of pri- 
vate-sector security 
companies that special- 
ize in network vulnerability testing 
(see today’s News section). They 
were ready with a bunch of tools 
and services — both commercial 
software and freeware — already 
updated to check for the latest top 
20 threats. This kind of public/pri- 
vate partnership sets a great exam- 
ple, and one that our industry 
should applaud. 

But we can’t stop there. The fact 


that so much software, the majority 


of it from Microsoft, ships in a state 
of deplorable security is no longer 
acceptable. Better scanning tools 
and comprehensive lists of common 
vulnerabilities are a fine and neces- 
sary defense, but what about the of- 
fense? Patricia Keefe has said it here 
before, but it needs to be said again 
— and again. The IT community 
needs to raise its collective voice 
and lower the financial boom by re- 
fusing to buy products that aren’t se- 
cure right out of the box. 

It’s widely believed in government 
circles that the massive buying pow- 
er of certain federal agencies — and 
the threat of that financial tap being 
turned off — was the real reason Mi- 
crosoft officials suddenly got securi- 
ty religion earlier this year. Money 
does talk, and we know what walks 


Are you using the buying power of 


your IT organization to apply the 
same pressures to your vendors? 
Have you made secure systems a 
condition of doing business with 
your firm? Have you established 
your own baseline security stan- 
dards, endorsed and supported all 
the way up through the CEO? These 
are key questions to keep in mind as 
you examine any new products, par- 
ticularly wireless ones. D 


\ A \eARSHORE ¢ OrrouoRe” 
()UTSOURCING CONFERENCE 


and 
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PIMM FOX 


| Can Bring On 
‘Tax Credits 


HERE ARE more than 

150 state and federal 

job tax-credit programs 
that companies can apply for, 
but the paperwork associated 
with the hiring of veterans, minorities 
or those who live in enterprise or em- 
powerment zones discourages busi- 
ness from earning those credits. 

Fortunately, new permutations in 
the way XML and SOAP interact with 
corporate HR and accounting databas- 
es will make it easier to get those tax 
credits and harder to use bureaucratic 
burdens as an excuse not to get them. 

By automating the hiring applica- 
tion procedure via an in-store kiosk, 
companies such as Home Depot, 
Blockbuster and Target can quickly 
determine the tax ad- 
vantages of each ap- 
plicant. A straightfor- 
ward questionnaire 
screens for federal 
and state tax credit 
qualifications by 
combining prepro- 
grammed employer 
information with ap- 
plicant data. 

The kiosk system 
pulls the appropriate 
form from a database 
running on a service provider’s host 
using a SOAP interface in a Web ser- 
vices application. Upon completion of 
the form, hiring managers can instant- 
ly see the tax credits that would accrue 
every quarter for the new employee. 
This information is then transmitted 
directly to the corporate tax director, 
who can enter the dollar amount right 
on the company’s tax forms. 

In California, for example, compa- 
nies can earn up to $30,000 in tax 
credits per employee, depending on 
qualifications. This is a dollar-for-dol- 
lar credit that could potentially turn 
an HR department into a profit center. 

This integration of tax credit data 
into the hiring process comes from the 
nation’s largest tax-credit screening 
company, Phoenix-based ITax Group 
Inc., which produces the question- 
naires in English and Spanish. 

SOAP and XML data from the tax 


PiMM FOX is a freelance 
writer in San Francisco. 
Contact him at 
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credit form are connected to a compa- 
ny’s hiring management system. The 
system also generates reports on the 
entire tax-screening process so man- 
agers know how many applicants qual 
ify for the credits and how much the 
company can earn participating in var 
ious programs. 

More than 80% of Fortune 500 cor- 
porations currently take advantage of 
some job tax credit program, but Web- 
based IT screening should make these 
government programs available to 
more companies. 

I know IT isn’t considered a typical 
venue for advancing social and politi- 
cal goals. Rather, it’s routinely called 
upon to boost the bottom line by trim- 
ming or automating functions from 
the company’s operations and lubri- 
cating the wheels of e-commerce. But 
there’s money available to your com- 
pany, and XML and SOAP are making 
it easier for you to collect. Applying 
the technology will help your prof: 
itability, and you'll be encouraging the 
hiring of more people who will benefit 
the most from jobs. 

rhere’s nothing wrong with feeling 
good about making money. DB 


Avoid Wiping 


Out on New 
CRM Wave 


ERE’S A RIDDLE: 

What costs $100 mil- 

lion and doesn’t work 
70% of the time? Answer: a 
customer relationship man- 
agement system. That’s what Gartner 
Inc. reported last year about large 
scale CRM implementations. Execu 
tives responsible for overseeing such 
egregious wastes of ¢ orporate re- 
sources ought to thank their lucky 
stars for all the media attention de 
flected by the recent corporate ac 
counting scandals. 

It’s convenient to blame vendors 
ind consultants for this sort of thins 
and I wouldn’t entirely disagree. But 
too many companies jumped into 
CRM projects without clear strategies 
or sufficient buy-in from top manage 
ment, paid too much attention to the 
technology piece of the selution, and 
radically underestimated the com 
plexity involved in rethinking their 


approaches to customer relationships. 


Vendors only added more 
fuel to the fire. 

Despite this history and 
today’s tight budgets, ana- 
lyst firm Aberdeen Group is 
predicting a compound an- 
nual growth rate for total 
CRM spending of nearly 
10% through 2005 

However, there’s a new 
wave of CRM projects that 
are scaled down, shorter in 
duration and much more 
closely monitored for return 
on investment. A CIO maga 
zine survey published in 
May revealed that 49% of 
CRM projects will be com- 


pleted in less than 12 months and 70 
within 18 months. Moreover, 64 
respondents indicated that their CRM ce 
systems are being implemented incre 
mentally though smaller pilot projects 
instead of as a single enterprisewide 


a “CRM lite” world. My 
firm analyzed more than 
150 CRM projects and 
learned that organizations 
ought to be focusing more 
than ever on people (vs. 
process or technology) if 
they want to succeed. Here 
are a few pointers from the 
study: 

Breed a strong line of project 
champions. Top performers 
like to stay on the move in 


DAVIO FOOTE is president 
and chief research 
officer at Foote Partners 
LLC, a management 
consultancy and IT 
workforce research firm 
in New Canaan, Conn. 
Contact him at 
dfoote@footepartners.com. 


their careers, which 
wreaks havoc on their 
projects. Be certain that 
the carefully selected 
champions you've attract- 
ed at all levels to guide your CRM 
»of the | project don’t bolt before qualified suc 
ssors can take their place. 

Do a formal stakeholder analysis and plan. 
RM 


projects, especially over time in place 


Diplomacy plays a big part in ¢ 


project built with full-service software vhere hot political issues and person 


suites. Many companies are opting for il v 
smaller CRM packages and ac 
more later, patching together their vari 
ous customer systems or outsourcing 
some pieces, such as call centers 


But you can still get in big trouble in 


App Dev’s Demise 
nor KEEFE’S 
results of Computerworld 


vey on the future of IT [QuickL 


iding Sti 


olumn on th 


endettas pose serious threats. 
ikeholders must be identified, their 
roles recognized, their interests ac- 
knowledged and their relationships to 
other stakeholders understood. Map 


this out in a structured fashion in or- 


Don Kilmark 
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der to plan what’s necessary to influ 
ence each stakeholder and boost the 
chances for project success 

Organize a CRM project management 
office. Staffed by both business and IT 
workers, this office 


would be respon 


ble for training users and 
finding ways to 
daily routines 
structure and processes for ¢ 
information in a single spot an 
ing it visible to all who need it 
Keep it simple, and exercise patience. 


CRM requires significant personal 


| : 
change for those involved, not ju 


justments to systems and processes 


Resistance can be subtle, elusive an 


1austing. CRM veterans caution 
that time and effort are easily 
especially the large 
of education, communication and 
tience rec chological 
Technology 
with CRM, af 


1at needs automation, design 


tions and developed a road maj 
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RELIABLE* 
ALTERNATIVE TO 
OBJECT-DISORIENTED 
DATABASES. 


For your next generation of applications, 
move to the next generation of database 
technology. Caché is the post-relational 
database that combines high-performance 
SQL for faster queries and an advanced 
object database for rapidly storing and 
accessing objects. 

With Caché’s multidimensional engine, 
your future applications will be massively 
scalable and lightning fast - and they won't 
require frequent database administration or 
hardware and middleware upgrades. You'll get 
higher performance, at lower cost. 

Plus, Caché comes with a powerful Web theta hatin abil 
application development environment that will objects and robust SQL, 
dramatically cut the time required to build Oracle developers will be happier with Caché. 
and modify your applications. 

The reliability of Caché has been proven We are InterSystems - a specialist in data 
in “life-or-death” applications at the world’s management for 24 years, providing 24x7 
largest hospitals. With high reliability, high support to 4 million users in 88 countries. 
performance and low cost-of-ownership, Caché is available for Windows, OpenVMS, 
you'll be happier with Caché. Linux and major Unix systems. 


InterSystems & 


E.. CACHE 


Make Applications Faster 


Download a fully-functional version of Caché or request it on CD for free at www.interSystems.com/reliable 
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FIELD REPORT: Asset Management 
Asset management tools go beyond PC 
tracking to combine inventory, financial and 








Good Members Needed 


A survey of Siebel Systems reference 
customers found that the majority of 
them haven’t gotten the ROI they were 
hoping for from the vendor’s CRM 
system. That points to a pressing need 
throughout the IT industry, says 


Slow Rollout for Tablet PCs 


Early users give Tablet PCs, with their 
pen-input systems, a thumbs up for some 
applications, but widespread adoption 

in corporations is still years away. In 
Emerging Technologies, we look at the 
potential uses — and problems — of this 
new way to compute. Page 34 


integration with other applications is still 
evolving while users learn to configure the 
software and their business processes to 
solve asset management problems. Page 32 


| 
contractual management information. But | 


VOIP: Dont Overlook 


SECURITY 


The addition of voice to data networks raises 
security problems that could be forgotten as 
companies focus on issues like latency and 
interoperability. By Jaikumar Vijayan 


CORPORATIONS THAT ARE implement- 
ing voice over IP (VOIP) technologies 
in a bid to cut communications costs 
shouldn’t overlook the security risks 
that can crop up when the voice and 
data worlds converge, users and ana 
lysts say. 


Most users implementing VOIP these 


days are primarily concerned about 
voice quality, latency and interoper- 
ability. All are fundamental quality-of- 
service considerations that companies 
need to deal with before they can even 
begin justifying the move to VOIP. 


| SANS Institute 
| authentication-related issues stemming 
| from VOIP services and urged users to 


But some security organizations 
are cautioning users about the dangers 
of unsecured VOIP services. For in- 


| stance, in an August 2001 paper on its 


Web site, the Bethesda, Md.-based 
warned of privacy- and 


apply the same precautions they’ve 


| used to protect their data services. 


“With the convergence of the voice 


| and data worlds, the real similarities 
| of the security concerns will become 


apparent,” the SANS report said, urg- 
ing users to take measures such as en- 
crypting voice services, building re- 
dundancy into their VOIP networks, 


| locking down their VOIP servers and 
| performing regular security audits. 


Without a sharp focus on security as 


| well, VOIP will never make it into cor- 
| porate use, 


say users and analysts. 


columnist Robert L. Scheier. Page 40 


With VOIP, voice traffic is carried 
over a packet-switched data network 
via Internet Protocol. VOIP networks 
treat voice as another form of data 
but use sophisticated voice-compres- 
sion algorithms to ensure optimal 
bandwidth utilization. As a result, 
VOIP networks are able to carry many 
more voice calls than traditional 
switched circuit networks. VOIP also 
enables enhanced services such as 
unified communications. 


| 


Voice as Data 

Securing voice traffic on such net- 
works isn’t very different from secur- 
ing any data traffic on an IP network, 
says David Krauthamer, director of IT 
at Advanced Fibre Communications 
Inc. (AFC), a Petaluma, Calif.-based 
manufacturer of telecommunications 
equipment. AFC is using limited 
VOIP communications internally and 
may use it for external communica- 
tions as well. 

“VOIP security needs to be handled 
in the overall context of data security,” 
Krauthamer says. 

But there are some aspects of VOIP 
networks that users need to pay close 
attention to, says Christopher Kem- 
merer, an analyst at NexTiraOne Inc., 
an integrator of voice and data net- 
works in Houston. 

In a VOIP world, private brarch ex- 
changes (PBX) are replaced by server- 
based IP PBXs running on Microsoft 
Corp.’s Windows NT or a vendor’s 
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Encrypt VOIP traffic and run it over 
Fe lap 

Make sure you've properly configured 
NMOL OR mL ea oe 
Pe RUM HSM eM TRS | the 
Pema ie Emme els] 
the International Telecommunication 
Union's H.323 voice protocol. 

Consider segmenting voice and data 
traffic by using a virtual LAN. This will 
limit the threat posed by packet-sniffing 
Or eM Pema Ce 
meee 

PULec ari me eee eR 
front of corporate firewalls to process 
UR ROT Tem eleoMer Lem 

Make sure that server-based IP PBXs 
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proprietary operating system. Such 
call management boxes, which are 
used both for serving up VOIP ser- 
vices and for logging call information, 
are susceptible to virus attacks and 
hackers. Break-ins of these servers 
could result in the loss or compromise 
of potentially sensitive data, Kem- 
merer says. 

Consequently, it’s important that 
such equipment is properly locked 
down, placed behind firewalls, patched 
against vulnerabilities and frequently 
monitored using intrusion-detection 
systems, he says. 

The University of Houston went one 
step further and made sure that its call 
manager and its entire VOIP network 


LeU gL 
ms) 


Call managers/ IP PBXs can be targets of 


denial-of-service attacks and viruses. 


aan eC) 


Anyone connected to the IP network could, in theory, eavesdrop 
on voice calls if he had the right hacking and data-sniffing tools. 





aren’t directly accessible from the 
Internet. The school has put its IP 
PBXs in a different domain than its 
other servers and has limited adminis- 
tration access to the servers. 

“As a university, the potential for be- 
ing hacked or coming under a denial- 
of-service attack is a huge concern for 
us,” says Charles Chambers, the uni- 
versity’s manager of network planning 
and development. 


Trouble at the Gateways 
VOIP gateway technologies are also a 
potential weak point. When VOIP is 
used externally, gateway technologies 
convert data packets from the IP net- 
work into voice before sending them 
over a public switched telephone net- 
work. When VOIP is used internally, 
the gateways basically route packe- 
tized voice data between the source 
and the destination. 

The concern here is that such gate- 
ways can be hacked into by malicious 
attackers in order to make free tele- 
phone calls, Chambers says. The trick 
to protecting against this lies in having 
strict access-control lists and making 
sure the gateway is configured in such 
a fashion that only the people on this 
list are permitted to make and receive 
VOIP calls, he says. 

“We are mainly trying to make sure 
that the scope and access is restricted 
to a minimal number of people so that 


| our exposure [to threats] is reduced,” 


Chambers says. 

As with traditional telephony, eaves- 
dropping is a concern for organiza- 
tions using VOIP — and the conse- 
quences can be greater, says Charlie 
Rabie, a vice president at Aspect Com- 


| munications Corp. in San Jose. Aspect 
| is a provider of software and services 
for implementing VOIP, traditional 


telephony and other communication 
services. 

Because voice travels in packets 
over the data network, hackers can use 
data-sniffing and other hacking tools 
to identify, modify, store and play back 


| voice traffic traversing the network, 


Kemmerer says. 

A hacker breaking into a VOIP data 
stream has access to a lot more calls 
than he would with traditional tele- 


| phone tapping. As a result, “one of 
| the big differences is that a hacker has 


a much higher probability of getting 
intelligent information” from tapping 
a VOIP data stream than from moni- 


| toring traditional phone systems, 
| Rabie says. 


| Encryption Helps 


Separating and isolating voice traffic 


| onto a virtual LAN is one way of miti- 
gating that risk, Kemmerer says. 


So is encrypting VOIP traffic and 
running it over a virtual private net- 


| work (VPN) when dealing with exter- 


| nal communications, Krauthamer says. 

| Some of AFC’s salespeople and remote 

| workers use VOIP to communicate 

| with the head office. All of this com- 

| munication takes place under the secu- 


| rity of a VPN using multiple encryp- 


tion layers, Krauthamer says. 
It might be a good idea to encrypt 


| VOIP traffic flowing internally over a 


corporate network to prevent insider 
attacks, Rabie notes. 

The use of desktop-based soft phones 
to make and receive VOIP-based tele- 
phone calls can also result in dan- 


Wel 
CAEN 


VOIP gateways can be hacked into so the 
attacker can make free telephone calls. 


PC-based 
soft phone 


The use of desktop-based soft phones could result 
in dangerous holes being punched in the firewall. 





PRODUCT OPTIONS 


The following are among the growing 
number of products designed to secure 
VOIP communications: 


® WinSet from Aspect Communica- 
tions is aimed at letting remote users 
connect to the corporate network using 
IP telephony via VPN links. 


® Secure Virtual Network from 
Check Point Software Technologies 
Ltd. in Redwood City, Calif., is a packet 
inspection technology designed to 
inspect VOIP traffic - including the 
various protocols that are involved in 
VOIP transmissions - for possible 
security threats. 


= The PeerPoint Enterprise Edition 
server from Jasomi Networks Inc. in San 
Jose was designed to securely translate 
VOIP call streams between an internal 
IP network and a public network. 


® Ingate Firewalls from Ingate Sys- 
tems AB in Stockholm are Session Initi- 
ation Protocol-aware and therefore de- 
signed to let VOIP traffic flow securely 
in and out of corporate networks. 


® Cisco Pix 500 Series firewalls from 
Cisco Systems Inc. were designed for a 
wide spectrum of applications, includ- 
ing VOIP. 


gerous holes being punched into the 
corporate firewall that hackers could 
exploit, warns Kemmerer. 

Once again, the best way to address 
this problem is to restrict use through 
access lists and to ensure that all in- 
bound VOIP traffic that flows through 
a corporate firewall is routed through a 
gateway server to eliminate a direct 
connection to the Internet, he says. 

VOIP security is a challenge that is 
“inextricably linked” with issues such 
as interoperability with data networks 


| and quality of service, says Rabie. 


But ultimately, it’s important to 
remember that securing a VOIP in- 
frastructure involves nothing that is 
“drastically different” from the mea- 
sures corporations have always taken 
to protect their data, Kemmerer says. 

“Security issues relating to VOIP 
have only begun to surface over the 
last one year,” he says. “But this has to 
be a major consideration. Chances are, 
you are unlikely to get hacked. But 
once you do, you'll never forget it.” D 


A FALSE SENSE OF SECURITY 


VOIP users could get burned because security doesn't 
appear to be among their primary concerns 
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‘i $ VEREEAS Software owns 46% of the baékup and recovery software market 


P Wy for UNIX and Windows environments. according to a leading industry analyst 
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OPEN INFRASTRUCTURE 


INTEGRATION 


PLAY 


1] To win in the e-business game, you need an infrastructure 
that gives you the freedom to stretch across divisions. Across 
territories. Across platforms. All platforms, including Linux 


2] IBM is helping write the book on open standards. We have 
WebSphere? integration software. A slew of Linux experts. UNIX° 
specialists. Windows NT° know-it-alls. XML developers. And 
tens of thousands of integration experts at your beck and call 


3] For more Winning Plays, visit ilam.com/e-business 


© business is the game. Play to win.” 
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these lean times, but to achieve 
that, IT managers need to know 
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and what work those assets per- 
form. Asset management soft- 
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where that information can be 
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and contractual information. 
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with enterprise resource planning 
systems, have customizable IT 
process mapping capabilities and 
offer stronger analytical tools. But 
good policy, rather than technolo- 
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BY MICHAEL MI 


_ TECHNOLOGY — 


Asset Management 
Extends IT Control 


THE IDEA BEHIND IT ASSET management 
software is simple enough: These tools 
discover the assets on your network 
and act as a central repository for IT 
asset information. 

To accomplish this, most products 
include an autodiscovery feature that 
creates an inventory of networked PCs, 
servers and other IT assets. However, 
limitations in that technology mean 
that a physical inventory still must be 
taken, because many assets either exist 
outside the network or the tools fail to 
recognize an asset or some 
of its attributes. 

Asset management soft- 
ware has evolved beyond 
simple inventory tracking to become 
the central repository for a variety of 
IT asset data, blending the physical in- 
ventory with financial and contractual 
information (see diagram, below). 
Most tools also attempt to track assets 
when they’re moved or changed. But, 
again, users say, regular, manual audits 
and updates are necessary in order to 
make sure the data is accurate. 

While the core technology for IT as- 
set management is well established, 
most tools now let users customize 


| scripts for IT asset management proc- 


esses and provide greater analytical 
capabilities. That means users can cus- 
tomize asset management systems to 
match the exact purchasing or new- 
hire processes their companies use in 
order to capture all the pertinent data. 
Users say it’s still difficult to formu- 
late a full technology plan around IT 
asset data. Vendors are building 
stronger ties to enterprise resource 
planning modules, and integration 
with Web application servers should 
eventually allow for the in- 
put of asset management 
information into applica- 
tion development tools 


| used in Web development. However, 


those initiatives are in their infancy. 


The biggest challenges IT faces with 
asset management software aren’t 
technical. “You really are looking at re- 
engineering processes rather than us- 
ing tools,” says Patricia Adams, an ana- 
lyst at Stamford, Conn.-based Gartner 
Inc. “If you break it down, it’s about 
80% process and 20% tool.” 

IT must also choose and design as- 


Vendors Consolidate, Integrate Tools 


A WAVE OF CONSOLIDATION changed the 
asset management vendor landscape 
during the past year. Computer Associ- 
ates International Inc. in Islandia, N-Y., 
bought Intraware Inc. in Orinda, Calif., 
which had acquired Janus 
Technologies Inc.’s Argis 
line of management soft- 
ware. That’s now integrat- 
ed with CA’s Unicenter. 
MRO Software Inc. in Bedford, Mass., 
bought MainControl Inc. in McLean, 
Va., adding IT management to its man- 
ufacturing and purchasing portfolio. 
Peregrine Systems Inc. in San Diego, 


aS 


which gobbled up Remedy Corp. last | 


year, filed for reorganization under 
Chapter Il last month. The announced 


| $350 million sale of its Remedy Corp. 


service management assets to Houston 
Based BMC Software Inc. 
could help it. But even if 
Peregrine fails to survive, | 


analysts expect its strong | 


AssetCenter offering to be quickly ac- 


| grine is adding handheld device asset 
management capabilities to AssetCen- 

| ter, but its expertise lies in life cycle 

| management — the ability for a user to 


. ‘ . | 
| quired, with support to continue. Pere- 


capture everything that happens to an 
IT asset from the moment it’s ordered. 

MRO doesn't offer the breadth of 
services of CA, nor the enterprise cus- 
tomer experience of Peregrine, but it 
integrates well with other software. 

At this point, no vendor is the clear 
leader, says Patricia Adams, an analyst 
at Gartner Inc. in Stamford, Conn. 

And analyst William Snyder at Meta 
Group Inc. in Stamford says he’s seen 
little innovation even though some 
products have more features. Most 


| companies are just trying to unify the 


products they’ve absorbed, he says. D 
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set management systems around dif- 
ferent audiences, taking into account 


who uses the information, and how. 


“People buy a tool and think it’s go- 
ing to solve their problem,” says 
William Snyder, an analyst at Meta 
Group Inc. in Stamford. “It doesn’t 
work that way. You have to know what 


| your problem is and then configure 


your software and processes to tackle 
that problem.” 

“That means we really have to look 
at our methods,” says John Bennett, in- 
formation systems manager at Bayer 


| Corp., a Pittsburgh-based pharmaceu- 
| . . : 
tical and chemical supplier. 


A key for Bayer was finding an IT 
asset management system that could 
work with IT Infrastructure Library’s 
service management best practices 
(www.itil.co.uk/about_itil/itil_about. 
htm), which Bayer has adopted. 

“Asset management really focuses on 
how you do things,” Bennett says. “You 
can’t expect the system to work with- 
out the people working behind it.” 

One technical mistake Adams says 
new users routinely make with the 
software is treating software and hard- 
ware as separate entities, rather than 
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six Tips for 


At a minimum, look for asset 


Don’t rush, Build an asset man- 
agement database in stages. A fully 
populated database can take up to 
three years to create. 

Don’t relegate the asset and li- 
cense management functions to a 
silo. Make them a direct report to 
the ClO or chief technology officer. 


dependent parts of a greater whole. 

“The software will let you do that, 
but you don’t have a full picture of the 
IT life cycle until you treat them as a 
single asset,” she says. D 


Meehan is a freelance writer in Brook- 
line, Mass. You can reach him at 
mmeehan626@earthlink.net. 


MORE ON ASSET MANAGEMENT 


Chaos Theory: Why most IT shops are nowhere near 
asset management nirvana 

QuickLink 32969 

Cost Cutter: How one company used asset 
management tools to put the squeeze on IT outlays: 


QuickLink 32968 
www.computerworld.com 
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Where the Tools Fall Short 


IT ASSET MANAGEMENT software does a | IP Telephony 


good job on the basics, but as the IT 
infrastructure changes in several areas, 
these tools must scramble to keep up. 


Web Services 

In implementing Web services, pro- 
grammers reuse many application 
components. IT needs to be able to 
track those components as assets or 
risk a licensing nightmare 
when developers unwitting- 
ly exceed license thresholds. 

Web services can also create 
new usage patterns that may affect IT 
retirement programs. 

“We absolutely need to come up 
with a way to do impact analysis,” 
says John Bennett, information sys- 
tems manager at Pittsburgh-based 
Bayer Corp. “In the future, we won’t 
be able to afford not knowing how 
things are connected.” 


Web services aren’t the only change 
coming. Danny Stimpson, user ser- 
vices manager at Building Material 
Holding Corp. in San Francisco, says 
his company’s move into voice over 
IP has him looking for beefed-up as- 
set management capabilities. 

“T’m not sure how we get an asset 
management client on an IP phone, 

but it’s absolutely an asset 
we need to track heading 
into the future,” he says. 


Asset Aggregation 

Allen Andersen, vice president of 
brand management for Unicenter at 
Islandia, N-Y.-based Computer Asso- 
ciates International Inc., says part of 
the key for software vendors will be 
the ability to detect not just the indi- 
vidual elements, but also how those 
elements work as part of a system. 


“What’s the purpose of tracking one 
piece of a storage-area network?” he 
asks. “By itself, it doesn’t do anything. 

We’re going to have to understand in- 
| terdependence at a higher level.” 

Vendors are just beginning to work 

| on these issues. But William Snyder, 

| an analyst at Stamford, Conn.-based 
Meta Group Inc., says, “Most cus- 
tomers don’t have processes in place 
to do asset management at any level, 
let alone when new technology rolls 

| through the door. Without that, how 

| do they expect to accurately assess 
the impact of those changes?” 

Nonetheless, Bennett says he hopes 
Bayer’s movement toward stronger IT 
asset management practices will help 
future-proof the company. 

“We know we need to be ready for 
when changes come,” he says. “And 
we're only now coming to understand 
where we are.” D 





Controlling Remote Sites 


Building Materials Holding Corp., San Francisco 


WHO THEY ARE: Professional contractor supplier 


IT GOAL: Develop a way to keep track of IT assets and coordinate 
IT projects across 60 satellite offices in 15 western states. 


STRATEGY: Use Computer Associates International Inc.’s Unicen- 
ter Asset Management software and have PCs from remote offices 
update information at network log-in 


CHALLENGES: With no servers in remote offices, BMCH had no 
way to efficiently distribute the asset management system's agent 
software to client PCs. Instead, user services manager Danny 
Stimpson and his group made the software available on a 

central Web server and distributed versions on CD-ROM. An- 
other challenge: BMHC’s frame-relay wide-area network con- 
nections to remote sites aren't 100% reliable for remote sys- 

tem updates. “So we've made sure that if the PC can’t contact 

the hub, it holds the information until next time,” Stimpson says 





PAYOFF: The IT department streamlined the installation of new 
time and attendance software on employee PCs by determining in 
advance which computers needed system 

software upgrades to support a required 

Java applet 


COMMENTS: Stimpson isn’t yet sold on 
combining the asset management software 

with CA's new Argis financial forecasting 4 
software or Unicenter management func- DA 
tions. “!'m going to need to see how well that 
integrates and what value it adds,” he says 


ethan 


user services 
manager 


| Tools Enable IT Consolidation 


Bayer Corp., Pittsburgh 
WHO THEY ARE: U.S.-based chemical and pharmaceutical sub 
sidiary of Bayer AG 


IT GOAL: Create a single enterprisewide asset management sys- 
tem and manage it from a new, centralized data center. Use the 
system as a tool to review and consolidate IT services 


STRATEGY: Implement San Diego-based Peregrine Systems Inc.'s 
AssetCenter software in the data center; feed in asset data from 30 
branch offices. 
CHALLENGES: “The biggest issue we have is not in installing the 
tool - it's been collecting the data,” says John Bennett. in- 
formation systems manager. Peregrine includes an asset 
discovery tool, but a comprehensive, accurate inventory re- 
quires additional manual input 
The deeper the conversion goes, the more rigorous the 
entire company has to be about how it buys, provisions, updates 
and retires its IT assets, Bennett says. “Everyone has to know the 
process and follow the process,” he says. 


PAYOFF: Since the installation in May, Bayer has been able to iden- 
tify leased telecommunications circuits that were supposed to be 
retired months earlier 
COMMENTS: “We really haven't had a good approach to retiring 
things before this, and it cost us money. It’s a lot of information to 
keep track of, but it’s something we need to do if we want to run a 
more efficient operation,” says Bennett. 

Next, Bennett plans to integrate the asset management system 
with the help desk, financial and human resources systems. 








32 COMPUTERWORLD October 7, 2002 


Asset Mana 


TECHNOLOGY 


www.computerworld.com 


gement 


Extends IT Control 


ANS 
Management 


Tools 


Operational effi- 
Pes LEN AEN I 
ee UEC be 
inant IT credo in 
these lean times, but to achieve 
that, IT managers need to know 
Uae RU Clr \ 
and what work those assets per- 
form. Asset management soft- 
Cen Ge Mire Lele tic) 
where that information can be 
kept, along with related financial 
Ue regres 
The newest tools can integrate 
PU elec cme ceem ET TLTS] 
systems, have customizable IT 
process mapping capabilities and 
offer stronger analytical tools. But 
good policy, rather than technolo- 
SRG) BOS ne 


SMe maar 


THE IDEA BEHIND IT ASSET management 
software is simple enough: These tools 
discover the assets on your network 
and act as a central repository for I'l 
asset information. 

To accomplish this, most products 
include an autodiscovery feature that 


creates an inventory of networked PCs, 


servers and other IT assets. However, 
limitations in that technology mean 
that a physical inventory still must be 
taken, because many assets either exist 
outside the network or the tools fail to 
recognize an asset or some 
of its attributes. 

Asset management soft- 
ware has evolved beyond 
simple inventory tracking to become 
the central repository for a variety of 
IT asset data, blending the physical in 
ventory with financial and contractual 
information (see diagram, below). 
Most tools also attempt to track assets 
when they’re moved or changed. But 
again, users say, regular, manual audits 
and updates are necessary in order to 
make sure the data is accurate. 

While the core technology for IT as 
set management is well established, 


most tools now let users customize 


Uae i 


scripts for IT asset management proc- 


esses and provide greater analytical 


capabilities. That means users can cus- 


tomize asset management systems to 
match the exact purchasing or new- 
hire processes their companies use in 
order to capture all the pertinent data. 
Users say it’s still difficult to formu 
late a full technology plan around IT 
asset data. Vendors are building 
stronger ties to enterprise resource 
planning modules, and integration 
with Web application servers should 


eventually allow for the in- 


put of asset management 
information into applica- 
tion development tools 
used in Web development. However, 
those initiatives are in their infancy. 


Think Process 

rhe biggest challenges IT faces with 
asset management software aren't 
technical. “You really are looking at re 
engineering processes rather than us- 
ing tools,” says Patricia Adams, an ana 
lyst at Stamford, Conn.-based Gartner 
Inc. “If you break it down, it’s about 
80% process and 20% tool.” 


IT must also choose and design as 


Vendors Consolidate, Integrate Tools 


A WAVE OF CONSOLIDATION changed the 


it vendor landscape 
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year. Computer Associ 
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MRO Softw 
bought MainControl Inc. in McLean, 
Va., adding IT management to its man 


ire Inc 


ufacturing and purchasing portfolio. 
Peregrine Systems Inc. in San Diego, 


in Bedford, Mass., 


which gobbled up Remedy Corp. last 
year, filed for reorganization under 
Chapter I last month. The announced 
$350 million sale of its Remedy Corp 
service management assets to Houston 
Based BMC Software Inc. 
could help it. But even if 
Peregrine fails to survive 
analysts expect its strong 
AssetCenter offering to be quickly ac 
quired, with support to continue. Pere 
grine is adding handheld device asset 
management capabilities to AssetCen 
ter, but its expertise lies in life cycle 


management — the ability for a user to 


capture everything that happens to an 
IT asset from the moment it’s ordered 

MRO doesn’t offer the breadth of 
services of CA, nor the enterprise cus 
tomer experience of Peregrine, but it 
integrates well with other software 

At this point, no vendor is the clear 
leader, says Patricia Adams, an analyst 
at Gartner Inc. in Stamford, Conn. 

And analyst William Snyder at Meta 
Group Inc. in Stamford says he’s seen 
little innovation even though some 
products have more features. Most 
companies are just trying to unify the 
products they’ve absorbed, he says. D 


set Management systems around dif- 
ferent audiences, taking into account 
who uses the information, and how. 

“People buy a tool and think it’s go- 
ing to solve their problem,” says 
William Snyder, an analyst at Meta 
Group Inc. in Stamford. “It doesn’t 
work that way. You have to know what 
your problem is and then configure 
your software and processes to tackle 
that problem.” 

“That means we really have to look 
at our methods,” says John Bennett, in- 
formation systems manager at Bayer 
Corp., a Pittsburgh-based pharmaceu- 
tical and chemical supplier. 

A key for Bayer was finding an IT 
asset management system that could 
work with IT Infrastructure Library’s 
service management best practices 
(www.itil.co.uk/about_itil/itil_ about. 
htm), which Bayer has adopted. 

“Asset management really focuses on 
how you do things,” Bennett says. “You 
can’t expect the system to work with- 
out the people working behind it.” 

One technical mistake Adams says 
new users routinely make with the 
software is treating software and hard 
ware as separate entities, rather than 
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Six Tips for 
Success 


At a minimum, look for asset 
autodiscovery, an asset database 
and software-usage metering capa- 
bilities. 

Don’t expect autodiscovery to do 
it all - building and maintaining the 
asset database can require sub- 
stantial manual input. 

Implement the processes needed 
to keep information current and ac- 
curate before deploying a tool. 

Make sure asset management 
tools run on servers with a continu- 
ous network connection. 

Don’t rush. Build an asset man- 
agement database in stages. A fully 
populated database can take up to 
three years to create. 

Don’t relegate the asset and li- 
cense management functions to a 
silo. Make them a direct report to 
the CIO or chief technology officer. 


dependent parts of a greater whole. 
“The software will let you do that, 

but you don’t have a full picture of the 

IT life cycle until you treat them as a 


single asset,” she says. D 


Meehan is a freelance writer in Brook- 
line, Mass. You can reach him at 
mmeehan626@earthlink.net. 
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Where the Tools Fall Short 


IT ASSET MANAGEMENT software does a 
good job on the basics, but as the I'l 
infrastructure changes in several areas, 


these tools must scramble to keep up 


Web Services 


In implementing Web services, pro 
grammers reuse many application 
components. IT needs to be able to 
track those components as assets or 
risk a licensing nightmare 
when developers unwitting- 
ly exceed license thresholds. 
Web services can also create 
new usage patterns that may affect IT 
retirement programs. 

“We absolutely need to come up 
with a way to do impact analysis,” 
says John Bennett, information sys 
tems manager at Pittsburgh-based 
Bayer Corp. “In the future, we won't 
be able to afford not knowing how 
things are connected.” 


ANALYSIS 


IP Telephony 

Web services aren't the only change 
coming. Danny Stimpson, user ser- 
vices manager at Building Material 

folding Corp. in San Francisco, says 
his company’s move into voice over 
IP has him looking for beefed-up as- 
set management capabilities. 

“I’m not sure how we get an asset 
management client on an IP phone, 
but it’s absolutely an asset 
we need to track heading 
into the future,” he says. 


Asset Aggregation 

Allen Andersen, vice president of 
brand management for Unicenter at 
Islandia, N-Y.-based Computer Asso- 
ciates International Inc., says part of 
the key for software vendors will be 
the ability to detect not just the indi- 
vidual elements, but also how those 
elements work as part of a system. 
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“What's the purpose of tracking one 
piece of a storage-area network?” | 
asks. “By itself, it doesn’t do any 
We're going to have to understand i 
terdependence at a higher level 

Vendors are just beginning to work 
on these issues. But William Snyder 


an analyst at Stamford, Conn.-based 
Meta Group Inc., says, “Most cus 
tomers don’t have processes ir 

to do asset management at any | 

let alone when new technology rolls 
through the door. Without that, how 
do they expect to accurately assess 
the impact of those changes?” 

Nonetheless, Bennett says he hopes 
Bayer’s movement toward stronger IT 
asset management practices will help 
future-proof the company. 

“We know we need to be ready for 
when changes come,” he says. “And 
we're only now coming to understand 
where we are.” D 
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Tablet PCs Begin 
Slow Rollout 


Early users give the pen input systems a thumbs 
up for some applications, but widespread adop- 


tion is still years away. By Matt 


HEN MICROSOFT 

Corp.’s Windows 

XP Tablet Edi- 

tion officially 

launches Nov. 7, 
several notebook computer 
manufacturers plan to intro- 
duce the first Tablet PCs. Ear- 
ly corporate beta testers are 
giving these devices — and 
the technology — 
mostly positive 
reviews. 

Users say they 
like the basic idea 
behind Tablet PCs: 
Using the Tablet Edition’s | 
Journal applet or other appli- | 
cations, users can write words | 
with an electromagnetic digi- | 
tizer pen on a specially adapt- 
ed LCD screen that actsasa | 
writing surface. The system 
can then either store the note | 
in a format called “digital ink” | 


@ Q&A 


itil latent 
EMERGING 
TECHNOLOGIES 


Page eee 
or convert it into an ASCII 
text file. 

For at least one user, the op- 


erating system’s ability to con- 


vert handwriting to text is su- 
perfluous. About 20 attorneys 
are testing Tablet PCs at Weil, 


| Gotshal & Manges LLP, a 


2,400-member law firm in 
New York. They’re using the 
Tablet Edition’s 
Journal applet 
principally to an- 
notate Microsoft 
Word documents 
with handwritten 
notations, says CIO James 
McGinnis. 

The lawyers work with the 
documents and store their 
changes as digital ink. Support 
staff members then later tran- 
scribe the notes, according to 
McGinnis. “There’s not so 
much text conversion, since 


: few hours with the Acer machine 


: and the HP machine. | like the stor- 


GM Takes On 
Two Tablets 


i age of [digital] ink and the use of 
: that within Excel, Word and other 


places. It's not perfect, but it’s far 


: superior to anything else and very 


GM CTO Tony Scott comments on : 
the automaker's early tests of : 
Tablet PCs. 


Where are you using tabiet 
devices? GM already has thou- 
sands of ruggedized tablet units in 
place in factories, some 

on wireless networks, 

but all proprietary plat- 

forms from a variety of 
manufacturers. 


What Tablet PCs have 
you tried? I've had a 


functional, usable. 

The handwriting recognition 
works. I'm left-handed, and previ- 
ous attempts with recognition 


? haven't always worked out. 
: Where might GM use Tablet 


PCs? Midlevei and high- 
level managers. . . . In the 
WAN, you can start to see 
some good field service 
{applications} and apps 
where you don't have to 
build special devices. 

- Matt Hamblen 





Hamblen 
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it’s valuable to stay with their 
handwriting,” he explains. But 
“just to be able to do that is 
huge,” he adds 

McGinnis was sufficiently 
impressed that, as the law firm 
retires nearly 1,500 laptops, he 
plans to replace them with 
Tablet PCs. 

Weil, Gotshal & Manges has 
tested Taipei, Taiwan-based 
Acer Inc.’s TravelMate 100, a 


| notebook PC that a user can 


convert to a tablet device by 
swiveling and folding the dis- 
play down over the keyboard 
[QuickLink 31724]. 

But McGinnis says he’s 
more impressed with native 
tablet designs such as the 
12-in. screen tablet by Motion 
Computing Inc., an Austin, 
Texas-based company whose 
founders include former Dell 
Computer Corp. executives. 


Easy to Use 

General Motors Corp. Chief 
Technology Officer Tony Scott 
has also tested the Acer ma- 
chine and another unit from 
Hewlett-Packard Co. and has 
used digital ink within Micro- 
soft Excel, Word and Power- 
Point files. He says it’s “very 
functional and usable,” both 
for managers inside the fire- 
wall and for field service 
workers. 

Scott says the handwriting 
conversion works well, but he 
would like to see brighter 
screens and an increase in bat- 
tery life from the current three 
or four hours to at least six. 
He adds that he’s also con- 
cerned about the storage re- 
quirements for digital ink im- 





@ AT A GLANCE 


Tablet PC 


WHAT IS IT? A combination 
of Microsoft's Windows XP 
Tablet Edition with portable 


tion or can store “digital 
ink” image bit maps. 
WHAT'S THE BENEFIT? 
Allows rapid note-taking and 
document annotation with- 
out keyboard input, which 
means Tablet PCs can be 
smaller than traditional 
laptops. 
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TARGET USERS: Field per- 
sonnel, such as insurance 
adjusters, or knowledge 
workers who find pen input 
easier than typing. 
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CAVEATS: Digital ink files 


age files, which need more 


space than corresponding 
ASCII text files. 

Analysts are voicing other 
concerns about the product. 

For example, Ken Dulaney 
at Gartner Inc. in Stamford, 
Conn., says that tablet devices 
will create added costs for 
corporations that must sup- 
port the new digital ink im- 
ages. That, he says, “will limit 


| adoption to a selected few.” 


Dulaney predicts that only 
3% of all notebooks purchased 
by the end of 2004 will be 


| Tablet PC-enabled laptops. He 


adds that a broader commit- 
ment by vendors is necessary 
to spur adoption, pointing out 
that both Dell and IBM “now 
sit on the sidelines.” D 


GETTING IT RIGHT — 


Early tablet designs may require several 
iterations before gaining acceptance from 
corporations 
QuickLink 32767 
www.computerworld.com 





= PRODUCTS 


Vendors Ready 
Slate of Offerings 


Early Tablet PC designs are likely to 
sell in the $2,000 range and will use 
processors from Intel Corp., Trans- 
meta Corp. and VIA Technologies 
Inc., analysts say. 

Initial machines fall into two cate- 
gories: convertible laptops that sup- 
port both keyboard and pen input, 
and native Tablet PCs that don’t in- 
clude a keyboard. Users can use a 
docking station with a native Tablet 
PC, though, and hook up an external 
keyboard and monitor. All that extra 
desktop hardware adds to the over- 
all system cost, however. 


EARLY ENTRIES INCLUDE: 
Acer’s TravelMate 100, the first 
convertible design, includes a 10.4- 
in. screen and a 700-MHz Pentium 
Ill processor. It supports 802.11b 
wireless LAN connections, weighs 
3.2 lb. and has a screen lid that can 
either open to reveal a traditional 
laptop keyboard or swivel and fold 
over the keyboard to function as a 
tablet surface for pen input. 


Motion Computing’s M1200 is a 
native tablet design that can use a 
docking station. The unit has no key- 
board, weighs less than 3 Ib., has a 
12.1-in. screen and will cost approxi- 
mately $2,000, the vendor says. 


Fujitsu PC Corp. in Santa Clara, 
Calif., and Hewlett-Packard are 
developing dockable and convert- 
ible models, respectively, but haven't 
publicly released details. 


On the software side, Microsoft 
plans to offer the Microsoft Office 
XP Pack for Tablet PC, which will 
support digital ink within Excel, 
Word, and PowerPoint. Initially, how- 
ever, digital ink will be stored as a 
separate file attachment 
rather than embedded 
natively in the docu- 
ment file. The com- 
pany has signed 
up 16 software 
partners, in- 
cluding SAP 
AG and Salt 
Lake City-based 
FranklinCovey 
Co., which will offer 
a tablet-enabled ver- 
sion of its day planner 
software. 
~ Matt Hamblen 





So many network applications. 
So little throughput. 
It’s time for Gigabit to the desktop. 


The surge in network applications has caused bottlenecks on desktops everywhere. The solution 


? Help your 
organization tackle all those network backups, remote software distributions and massive file downloads by 


providing an equally massive increase in throughput. With the Intel? PRO/1000 MT Desktop Connection 
intel PRO you'll benefit from 10 times the throughput. Other advantages: a Gigabit connection works on an existing 


Network Connections 10/100 Mbps Cat-5 network, and will seamlessly ramp up to 1000 Mbps. When this Gigabit connection 


is combined with the Intel® Pentium® 4 processor, studies have demonstrated a significant boost in desktop 


performance. Intel, the leader in desktop connections, makes multi-tasking less of a task — cost-effectively 


and without any need for expensive rewiring. Intel? PRO Network Connections. The intelligent way to connect. 
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For a trial kit, product and test information: www.intel.com/go/desktopgig 
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MPEG Standards 


DEFINITION 


The MPEG standards are an evolving group of com- 
pression and decompression standards defined by 
the Moving Picture Experts Group for digitizing and 
delivering audio, video and multimedia over com- 
puter systems and networks, including the Web. 


BY SAMI LAIS 
F YOU VIEW video on 
your computer or listen 
to music you down- 
loaded from the Inter- 
net, you probably use 

MPEG technology. 

In contrast to data files, 

audio and video files 
tend to be very large and 
intolerant of any delay 
or latency in delivery. 
Each packet must be 
received, decompressed 
and delivered to the user in 
precisely the order it was sent 
and at just the right time. Any 
dropped packets or mistimed 
delivery can turn the message 
into gibberish. 

MPEG algorithms compress 
the data to form small bits that 
can be easily transmitted and 
then decompressed accurately 
and quickly to allow high- 
fidelity reconstruction. MPEG 
standards aim for a compres- 
sion ratio of about 52:1, requir- 
ing the reduction of, for exam- 
ple, 7.7MB to less than 1SOKB. 

In the early days of MPEG, 
having enough power to per- 
form these compressions and 
decompressions was a prob- 
lem. A PC needs sufficient 
processor speed (about 400 
MHz), internal memory and 
hard-disk space. At 30 frames 
per second (fps), digital video 
requires 235MB of disk space 
per minute of play. 

Previously, PCs needed 
pricey hardware coprocessors, 
or coder/decoders (codecs) to 
handle the heavy processing 
load of MPEG files. Today’s 
desktop machines use soft- 
ware-only codecs, such as free 
products RealPlayer from 


Seattle-based RealNetworks 


| Inc., Windows Media Player 

| from Microsoft Corp. and 

| QuickTime from Apple Com- 
| puter Inc. to play the files. 


de 
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In 1988, the Moving Picture 
Experts Group Licensing 
Administrator (MPEG LA), 
which is made up of 
nine companies and a 
university, developed 
MPEG-1 and submitted 
the standard to the U.S. 
government. In 1991, 


| the group received a patent 
| along with permission to li- 
| cense the standard. 


Designed for coding pro- 
gressive video and developed 


| primarily for computer games, 
MPEG-1 delivered near-VHS- 


quality video at a data rate of 


| 1ISOKB/sec. MPEG-I’s video 


standard was based on the 


standard image format of 352 
| by 240 pixels at 20 fps. 
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3) codecs can produce CD- 
quality audio at compression 


| factors of up to 12:1. But typi- 


cal MP3s have a 25:1 compres- 
sion ratio and lose a substan- 
tial amount of data, says Louis 
Latham, an analyst at Gartner 
Inc. in Stamford, Conn. 

But even at the lower com- 
pression rate, a five-minute 
audio file that would normally 


| take SOMB of space on your 
| hard drive typically uses only 
| 5MB of space for the same 


quality sound. 
MPEG-2, developed in 1994 


| for coding interlaced images, 
| was conceived as a broadcast 
| standard: 720 by 480 pixels 

| at GO fps at data rates up to 

| 2MB/Ssec. 


For interlaced images, like 


| those on a conventional TV, 


half of the screen — every 


| other field — is drawn at a 


rate of 60 times per second. 
The other half of the fields are 


Peed ye Mee (olstsl ehets 
compression technique, as 
signs the shortest bit strings to 
the most frequently occurring 
characters and the longest to the 
least frequently occurring 


Uy emcee leans tre] 
predictive coding mea- 
SUMMER eli Ccutcua Teen ec] N17 
Wile (eM ieee UALR ULeRST] 8) 
frame and then transr 
differe 


ames, pre 
d onthe 
ceding 


PUM el (eiu ine micelles 


perceives as smooth motion. 


| are intended for very narrow 
| bandwidths, speech and video 
| synthesis, fractal geometry, 


| ly reconstruct images from 


| and audio compression that 
| let you store movies in about 





| standard DVDs. 

| minute movie can be copied 
onto a CD using MPEG-4 

| petition Congress for copy- 


| dard — on DVDs to prevent 


| and to be transmitted so quick- 
| ly that video can run over 9,600 
| bit/sec. mobile networks. 


| event reporting. D 


drawn in the next second. The 
two sets alternate continuously, 
producing an even data stream 
and images that the human eye 


In computer displays, which 
are noninterlaced, jagged edges | 
appear where one image meets 
another. To produce smooth 
video on a computer, both sets 
of interlaced fields are cap- 
tured, and an MPEG-2 codec 
smooths the edges where the 
two meet. The crisper look of 
digital TV and DVD are the 
result of an MPEG-2 codec. 

Approved in 1998 and 1999, 
respectively, MPEG-4 and MP4 | 


computer visualization and ar- 
tificial intelligence to accurate- 


minimal data. MPEG-4 and 
MP4 offer more lossless video 


15% of the space required by 


The ease with which a 90- 


prompted moviemakers, fear- 
ing a Napster-like furor, to 


right protection — now stan- 


such copying. 

But it’s the standard’s scal- 
ability that’s of greater im- 
portance, Latham says. The 
MPEG-4 codec allows video 
to be broken into bits so small 





MPEG-7 is a standard for 


| describing multimedia content 


data. 
Built on previous MPEG 
standards, MPEG-21 is a multi- 


| media framework designed for 
| creating and delivering multi- 
| media. Work on the standard 


began in June 2000. Key ele- 


| ments are digital item declara- 


tion; identification; content 
handling; use and representa- 


| tion; intellectual property 
| management and protection; 


terminals and networks; and 


Lais isa Computerworld 
contributing writer in 
Takoma Park, Md. 


www.computerworld.com 


Setting the 
Standards 


The MPEG standards for 
video and audio compres- 
sion and for multimedia de- 
livery designed by the Mov- 
ing Picture Experts Group: 


MPEG-1 Designed for coding 
video at a transmission rate 

of about 1.5 million bit/sec. 
Specifically designed for video- 
CD and CD-i media. 


MPEG-1 Audio Layer-3 Uses 
perceptual audio coding and 
psychoacoustic compression 
to remove superfluous infor- 
mation. Shrinks the original 
sound data from a CD by a 
factor of 12 without sacrificing 
sound quality. 


MPEG-2 Designed for coding 
interlaced images at trans- 
mission rates above 4 million 
bit/sec. 


MPEG- 4 Designed to provide 
a standard way for authors to 
create and define the media 
objects in a multimedia presen- 
tation, how the objects can be 
synchronized and related to one 
another in transmission, and 
how users will be able to inter- 
act with the media objects. 


MPEG-7 Defines an interoper- 
able framework for content de- 
scriptions. MPEG-7 has de- 
scriptive elements that range 
from very low-level signal fea- 
tures, like colors, shapes and 
sound characteristics, to high- 
level structural information 
about content collections. 


MPEG-21 Still under consider- 
ation, this standard is designed 
to provide a larger architectural 
framework for the creation and 
delivery of multimedia and for 
the protection of intellectual 
property rights. 


BIG OBSTACLE 


For information on Microsoft's challenge to 
MPEG-4, see our Web site: 


QuickLink 33316 
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| Are there technologies or issues you'd like 


to learn about in QuickStudy? Send your 
ideas to quickstudy@computerworld.com 
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WLAN Wars! 


Aban on wireless LAN access points fails to 
get employees to remove unauthorized APs. 
in fact, they’re adding new ones. 


By Mathias Thurman 


HIS IS THE THIRD time 
I’ve addressed wireless 
LAN (WLAN) security 
issues in this column, 
but the problem is only getting 
worse. I thought a company- 
wide e-mail spelling out a pro- 
hibition of the use of wireless 
access point (AP) hubs would 
be enough to persuade em- 
ployees to remove unautho- 
rized APs from the 
network. It wasn’t. 

Last week, I con- 
ducted another sur- 
vey at our corporate 
headquarters and dis- 
covered six new APs 
in addition to the 
units I had previously detect- 
ed. Not surprisingly, all of 
them were improperly con- 
figured. They had no encryp- 
tion and were set to broadcast 
the Service Set Identifier 
(SSID). Since it’s easy to dis- 
cover the SSID and there’s no 
encryption enabled, it’s not 
difficult for a hacker to gain 
access to our LAN through 
these rogue APs. 

Tracking down the APs has 
been difficult. The signal 
strength for all but one was 
high enough to reach the 
street in front of our head- 
quarters. I’ve been using the 
AirMagnet Handheld PC card 
and detection software from 
Mountain View, Calif.-based 
AirMagnet Inc. on my Pocket 
PC to detect the rogues, but I 
don’t have a directional anten- 
na that would let me zero in 
on the exact location of these 
hidden, illegal devices. 

My alternative course of ac- 
tion was more time-consum- 
ing, but only somewhat effec- 
tive. All the APs I discovered 
had an associated, unique me- 


| 
| 
| 
| 
| 
| 


dia access control (MAC) ad- 
dress on our LAN. Our compa- 


| ny uses Catalyst Ethernet 


switches from Cisco Systems 
Inc., and by querying these, 


| it’s possible to determine the 
| switch port each access point 
| is connected to. In theory, 
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once I discovered the switch 
port, the Ethernet cable con- 
nected to that port could be 
traced back through 
a series of patch 
panels to the office 
or cubicle where the 
AP resides. 

As a practical 
matter, this didn’t 
work too well. First, 


| the process was time-consum- 
| ing. There are four switches 
| per floor, and each of our six 


buildings has four floors. Be- 


| cause we don’t have a moni- 


toring tool like CiscoWorks, 
we had to log into each switch 


| and conduct a search for each 


MAC address. 
After some work, we were 
able to trace all but a few MAC 


| addresses into the wiring clos- 


et on a specific building and 


| floor. But once we traced a ca- 


ble into a wiring closet, we had 


| to rely on floor maps to deter- 
| mine which offices connected 
to which ports on the patch 


panel. It’s virtually impossible 


It’s clear that we 
can’t trust users 
to police them- 
selves. We need 
a way to auto- 
matically detect 
rogue APs. 
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ll: 
Attack of the Rogues 


| or identify the MAC address 


to trace a cable from a wiring 
closet to an office, since the 
cables run inside the walls and 
floors. To do this successfully, 
we'd need accurate, up-to-date 
wiring maps. They weren’t ac- 


| curate, of course, and we were 


unable to trace any of the 


| wires from the patch panel to 


the specific offices where the 


unwanted APs resided. 


A Legal Matter 


Still, we were closing in. 
The maps did give us a gener- 


| al idea of the section of a giv- 


en floor where the APs might 
be found. Now it’s a legal mat- 
ter. Do we have the authority 


| to do an office-by-office 


search, entering each employ- 
ee’s workspace in our search 
for unauthorized access 


| points? The labor and privacy 


laws for the state I work in 
tend to favor the employee. 
Therefore, before I start down 
the path of conducting search- 
es, I must be sure I don’t vio- 


tc be the cause of any legal 


| problems, so I’ve placed a call 
to our general counsel’s office. 


In the meantime, all we can 
do is disable the switch ports 
to which the rogue APs are at- 
tached. A smart user might 
just plug the AP into another 


| office jack and be up and run- 


ning again. But there are only 
two active ports in most of- 
fices, so sooner or later both 


| ports will be disabled and the 


employees will have to identi- 


| fy themselves to get back on 
| the network. 


It’s clear that we can’t trust 


| users to police themselves, 
| and we don’t want to go 
| through that laborious trace 


process every time. Therefore, 


| we will either have to pur- 


chase a software tool such as 
CiscoWorks or come up with a 
more efficient method for au- 
tomatically detecting these 


| 





unauthorized APs as users at- 


| tach them to the network. 


There are only two ways to 


| do this. The first is the wired 
| method I’ve described, in 


which you monitor network 
traffic. If you know what to 
look for, you can detect the 
802.11b WLAN traffic packets 


of a wireless access point. The 
other method is to use our ex- 
isting APs as sniffers in con- 
junction with software that 


| detects the radio frequencies 


of illegally attached devices. 
I think the latter method is 


| the better approach. Finding 


rogue APs by detecting wire- 
less signals is more efficient 
simply because there’s less 


| traffic to monitor on the wire- 


less segment than there is on 
the wired LAN. In the latter 


| case, the entire volume of traf- 


fic must be monitored and fil- 
tered in order to sift out wire- 
less traffic for further analysis. 

To use the wireless method, 
however, we will need to make 


| a significant investment in 


hardware and software. Our 
AP layout covers only a limit- 
ed area; to provide security, we 
need enough devices to cover 
the entire campus. If we can 


| get them, we can buy software 
| such as the AirWave Manage- 


| late any privacy laws. I’m nota | 
| lawyer and I sure don’t want 


ment Platform from San Ma- 
teo, Calif.-based AirWave 


| Wireless Inc. that will let us 


use our WLAN infrastructure 
both to support legitimate 
wireless LAN traffic and sniff 
out unauthorized APs. 
Despite the continuing 
problems I’ve had controlling 
rogue APs, I do think there’s a 
light at the end of the tunnel. 
But I can’t believe that I’m the 


only one experiencing these 


frustrations. If you’ve had sim- 
ilar experiences, drop me a 
line or share your recommen- 


| dations in the Security Manag- 
| er’s Journal Forum. D 


| 
| 
| 
| 
| 
| 
| 


WHAT DO YOU THINK? 


This week's journal is written by a real 
security manager, “Mathias Thurman,” 
whose name and employer have been 
disguised for obvious reasons. Contact him 
at mathias_thurman@yahoo.com, or join the 
discussion in our forum: 


QuickLink a1590 


To find a complete archive of our 


| Security Manager's Journals, go online to 
© computerworld.com/secjournal 
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SECURITY L06 


Think of this as a cookbook of 
recipes for specific situations, 
with examples and step-by- 
step instructions on how to 
use some of the most popular 
security tools available on the 
Internet. The included CD- 
ROM contains almost ail the 
tools referenced. The chap- 
ters explaining forensics are 
particularly strong - the au- 
thors offer up useful tips for 
analyzing both Windows NT 
and Unix systems. 

Anti-Hacker Tool Kit is an 
awesome complement to any 
security professional's refer- 
ence set. Recommended. 

- Mathias Thurman 


UniVault Secures 
Content 


CYA Technologies Inc. in 
Trumbull, Conn., has an- 
nounced UniVault, a content 
security product that allows 
controlled sharing of sensitive 
Microsoft Word, Excel, Pow- 
erpoint and Adobe PDF docu- 
ments. UniVault can restrict 
the time, date and duration of 
access as well as limit the 
ability to modify documents or 
to copy data via cut-and-paste 
or through screen captures. 
Pricing starts at $35,000. 


IM in Control 

IMlogic Inc. has unveiled IM 
Manager to help corporate IT 
managers gain control over 
instant messaging (IM) pro- 
grams within their business- 
es. The Boston-based compa- 
ny says the server-based soft- 


ware will let IT departments 
archive, control and monitor 
IM communications. 

Pricing is $10,000 for 100 
to 500 users. The product is 
available now. 
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RSA Security, SecuriD and The Most Trustec 


VPN PROTECTION 


What message are you sending 
by protecting your VPN 
with a simple password? 


Too often, Virtual Private Networks are anything but private. With 
only a single password for protection, critical company data can 
be easily exposed for everyone to see. That can have damaging 
effects on you, your customers, your partners, 

even your bottom line. The RSA SecurlID® 
solution protects critical business data with 
two-factor authentication, securing your VPN 
and making it extremely difficult to hack. 
And because major VPN providers like CheckPoint, Nortel, 
Lucent, Cisco and dozens of others design their VPNs to work with 
RSA Security, you can be sure it will operate simply and flawlessly 
in almost any environment. And that means a lot less worrying 


about where your confidential information might show up. 


To receive your VPN Security Info Kit and to qualify for a 
FREE 25-User Trial of RSA SecurlD two-factor authentication, 


go to www.rsasecurity.com/go/vpn2-CW. Or call 1-800-495-1095. 


SECURITY 
The Most Trusted Name in e-Security” 


ACCESS MANAGEMENT ENCRYPTION DIGITAL SIGNATURES 


i Name in e-Security are registered trademarks or tradery 
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Itronix Launches 
Two Products 


Itronix Corp., a Spokane, Wash.- 


based supplier of wireless, rugged 


computing hardware and soft- 


ware, rolled out two products late | 


last month: 


= iCare Mobility is Internet Proto- | 


col networking software that en- 
ables persistent, secure IP con- 


nections between mobile applica- | 


tions and their servers on corpo- 
rate networks, intranets or the 
Internet, according to Itronix. 

# The GoBook Q-100 (left) is 


an ultrarugged wireless | 


handheld computer. It 
runs both Windows 
CE and Pocket PC 
2000. It has an IP 
67 sealing rating, 
making it virtually 
immune to invasive 
water or dust. It 
is Mil Spec 810E- 
| rated to withstand 
multiple drops onto 
concrete from 2 me- 
ters. The GoBook Q-100 
weighs 28 0z., including batter- 
ies. It’s priced at $2,295. 


Gordano Adds SMS | 


To Messaging Suite 


Gordano Ltd. in Clevendon, Eng- 
land, has integrated a Short Mes- 
saging Service (SMS) into the 


latest version of its Gordano Mes- | 
saging Suite application. The new | 


feature is integrated with Gor- 
dano’s existing secure Web mail 
application, which also includes 
shared calendars and antispam, 
antivirus and database-driven 


mass mailing capabilities. Pricing, | 


including optional modules, starts 
at about $5,000 for 50 users. 


Cognos Announces 
Metrics Manager 


Burlington, Mass.-based business 
intelligence software vendor Cog- | 


nos Inc. this week will announce 
Metrics Manager, which Cognos 
claims will allow users to create, 
monitor and report on perfor- 

mance indicators throughout an 
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‘Trustworth 
Numbers Nee 


IEBEL SYSTEMS IS predictably outraged by a 
survey of 23 of its reference customers that 
showed that 61% of those customers had yet 
to achieve a return on investment after two 
years with Siebel’s CRM software. 
Siebel pointed out, quite accurately, that asking only 
23 of its 3,500 customers isn’t statistically valid. But 
that isn’t the point. These were reference customers 


handpicked by Siebel as 
outstanding examples of 
the business value of its ap- 
plications. And they were 
asked specifically about 
their ROI on Siebel, which 
costs an average of about 
$6.6 million over a three- 
year period. 

ROI is probably the most 
important — if not the only 
important — criterion for 
IT spending in an era when 
corporate profits are so far 
in the tank. Today, the managers who 
sign off on tech spending need faster, 
more provable ROI more than they 


° : | 
need promises of future revenue gains, 


increased customer satisfaction or 
market share gains. Investors consid- 
ering a stock need profit and loss 
numbers they can trust, just as CIOs 
investing in CRM or ERP applications 
need ROI numbers they can trust. 

While the IT industry hasn’t pro- 
duced a fraud on the scale of Enron 
and WorldCom, we have delivered 
plenty of IT systems that were late, 
over budget or so hard to understand 
that they drove users to distraction. 
The bursting of the dot-com bubble, as 
well as the lack of any noticeable 
problems from the Y2k bug, make 
business managers justifiably skepti- 
cal of claims from IT vendors. 

It’s a new world of depressed spend- 





ing, high expectations and 
demanding scrutiny. If IT 
vendors (and IT man- 
agers) believe their ROI 
claims, it’s time to back 
them up. Here are some 
places to start: 

1. More comprehensive cost 
accounting. What a company 
spends for hardware, soft- 
ware and consulting is of- 
ten only the tip of the cost 
iceberg. Training costs rise 
(and productivity falls) if 


| an application turns out to be harder 
| to use than expected. In the Siebel 

| survey, 78% of the reference cus- 
tomers said Siebel suffered from a lack | 
| of user-friendliness. Another problem 


area for just about anyone installing a 


| new application is the full cost of inte- 


grating it with older systems. Com- 


| panies implementing large, enter- 


prisewide applications often incur a 
lot of hidden costs in the foggy area 


| of business process re-engineering, 
| which entails making changes in their 
| sales, billing, manufacturing or other 


processes in order to get the most ben- 


| efit from the software. If you can’t 


track these costs over time, you have 
an Enron-style ROI calculation. 

2. Better tracking of benefits. First, did 
you do a postmortem to see which of 
your expected benefits you actually 
achieved? Did you have an agreed- 





upon list of benefits beforehand, such 
as “30% reduction in support costs as 
measured by number of help desk 
calls?” Do you require the sponsoring 
business manager to agree to a spe- 
cific action if they achieve certain 
benefits — for example, if a new appli- 
cation increases productivity by 10%, 
the manager commits to laying off or 
reassigning 10% of his staff to new 
tasks? These are tough steps, but just 
as in the stock market, investors de- 
serve solid numbers. 

3. Standards for calculating ROI. It would 
probably be too hard, and maybe 
counterproductive, to try for an IT 
equivalent of the generally accepted 
accounting principles used in the 
accounting industry. We all saw how 
accountants worked around estab- 
lished accounting rules, and the last 
thing we need is endless negotiations 
and committee work over whose ROI 
methods are the best. 

However, some companies are 
already developing the templates, 
processes and tools needed to accu- 
rately identify costs and benefits 
across a range of IT projects. Why 
can’t at least some of these processes 
and tools be shared across companies 
in the same industry, or at least be 
used in the same company over time? 
That would give IT vendors (as well as 
IT managers) firmer evidence that a 
new technology provides more bang 


| for the buck than the one it replaces. 


Unless you see a huge economic 
recovery coming that I don’t see, the 
demand for tighter, more provable 
ROI is only beginning. Deliver those 
credible ROI calculations and you'll 
help your product, your company and 
your career survive the downturn. D 


WANT OUR OPINION? 


For more columns and links to our archives, go to 
www.computerworld.com/opinions 
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By the Book 


Steering clear of IT accounting 
debacles means knowing when and 
how to write off failed projects. The 
first step is to continually scrutinize 
project portfolios with an eye toward 
weeding out anything more than six 
months old. Page 45 


IKE PRIVATE INDUSTRY, the 
federal government is be- 
ginning to broadly embrace 
XML, the open standard for 
exchanging information 
among disparate computer 
systems. Government IT managers say 
the deployment of XML will facilitate 
interoperability among federal systems 
and between the government and cor- 
porations. They say it will also ulti- 
mately simplify government record- 
keeping and reduce the waste, fraud 
and abuse that results from poor 
records management practices. 

But meeting such goals isn’t without 
challenges, including a proliferation of 
nonstandard data definitions and struc- 
tures, a lack of a cohesive federal strat- 
egy for XML adoption and concerns 
about security. The private sector faces 
similar challenges in its deployment of 
XML, so how the government pro- 
ceeds could provide some guidelines 
for the corporate world. Nevertheless, 
a number of initiatives aimed at bring- 
ing the government the benefits of 
XML are under way in Washington: 

® In June 2000 the Federal CIO 
Council formed the XML Working 


| nents will make it easier for companies 


| electronically and to interface corpo- 


ENT 


EVA as Fact, Not Fiction 


Juicing the numbers isn’t an option for 
managers using an economic value-added 
approach to IT financial management, 
writes columnist John Berry. The reason: 
EVA’s built-in compensation regime, which 
makes bonus pay dependent on EVA 
outcomes. Page 51 


Group. Its goals are to partner 
with standards bodies that are de- 


| veloping XML and to facilitate the 
| government’s broad transition to 
| XML for data interchange. The 


group has established contact 
with citizens and IT profes- 


| sionals through regular pub- 
| lic meetings and a Web site 
| at http://xml.gov. In April 


this year, it published a draft 


| guideline for the develop- 


ment of XML-based govern- 


| ment systems. 


= The XML Working Group 
is sponsoring the development 


| of a governmentwide registry of 
| government-unique XML data 


structures, schemas and Document 


| Type Definitions that software devel- 
| opers can use when building XMI 

| applications. Ultimately, the registry 
| will point to repositories of standard, 


reusable components that will be avail- 
able for use by both government and 
industry developers. These compo- 


to do business with the government 


rate and government systems. 





= The Gaithersburg, Md.-based 
National Institute of Standards and 
Technology (NIST), working with 
other standards bodies and IT vendors, 
has developed a suite of tests by which 
vendors and users in government and 
industry can determine whether a piece 
of software conforms with XML speci- 
fications and with related standards, 
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QUOTE OF THE WEEK 


é | view every case of waste, fraud and 
abuse as just another example of the 

problem whose root cause is the failure to 

maintain and manage records effectively.” 


- Owen Arthur, a systems analyst at the Fish and Wildlife 
Service and co-chairman of the federal XML Working Group 


such as the Extensible Stylesheet 
Language and the Document Ob- 


fa 
ject Model. NIST is also working 
with vertical industry groups to 
develop conformance tests for 
*¢ 
‘ © 
A 
sae 


industry-specific standards. 
= Meanwhile, a number of 
federal agencies are bringing 
up XML-enabled applications. 
The U.S. Patent and Trade- 
mark Office has promised 
faster action on patent appli- 
cations that bear XML tags. 
The Environmental Protection 
Agency, working with NIST, de- 
veloped an XML metadata reg- 
istry for use internally and for 
information exchanged between 
corporations and state environ- 
mental protection agencies. The 
Securities and Exchange Commission 
has begun requiring financial filings to 
be formatted with XML-encoded head- 
ers, which it says is saving the govern- 
ment and filers the cost of developing 
custom software interfaces. These 
efforts are in response to a mandate 
from the White House to make govern- 
ment systems more interoperable and 
accessible to the public. 
As promising as these initiatives 
may be, they still worry the U.S. Gen- 


The feds are tapping XML for interoperability, pUDIIC | v2isseusasome cao. 0 


access and record-keeping. BY GARY H. ANTHES 


Washington 


to Congress that although XML offers 
many benefits, the language and the re- 
lated standards are dangerously imma- 
ture. The GAO warned, “System devel- 
opers must be wary of several pitfalls 
— the risk that redundant data defini- 
tions, vocabularies and structures will 
proliferate, the potential for proprietary 
extensions that would defeat XML’s 
goal of broad interoperability and the 
need to maintain adequate security.” 

In addition to these dangers, which 
the private sector faces as well, the 
GAO pointed out some specific gov- 
ernment shortcomings. It said there is 
no explicit, top-down strategy to guide 
<| XML implementations in government 
=| and that the needs of more than 300 
< | federal agencies haven't been consoli- 

| dated for presentation to standards 
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The Pros and Cons of XML 


STRENGTHS 


@ XML’s flexible, human-readable 
data tags and structures can be eas- 
ily adapted to many different needs. 


XML standards are freely 
available and nonproprietary. 


® Information in XML documents 
can potentially be accessed and 


PITFALLS 


Defining unique data tags and structures can potentially 
lead to compatibility problems with other systems and 
defeat t the goal of broad-based data exchange. 


it s easy for vendors and others to build nonstandard 


extensions to their products and systems, which could 
also inhibit broad- based data exchange 


Inc reasing access to information that's tagged in 
human-readable form increases security concerns. 


shared among disparate systems. 


@ It’s easy to search tagged XML 
data for specific information. 


bodies. It also said the government had 
not yet established a registry of gov- 
ernment-unique XML data structures, 
the kind of directory the XML Working 
Group is now helping to build. 

Agency IT managers for the most 
part agreed with the GAO’s findings 
but balked at the suggestion that they 
move slowly on XML applications un- 
til standards solidify. In a letter to the 
GAO, NASA CIO Lee Holcomb wrote, 
“Government [agencies] have begun 
using XML based on a trade-off of the 
benefits of its use in an incomplete 
business-standards environment vs 
the risk that their implementations will 
have to be redone to conform to busi- 
ness standards that are eventually fi- 
nalized by the private sector. ... 
the current status of XML standards, 
this seems to be a rational approach.” 

Marion Royal, co-chairman of the 
XML Working Group and an agency 
expert at the General Services Admin- 
istration, says he’s working with indus- 


Given 


try groups for banking, insurance, auto- 
motive and the like to avoid “reinvent- 
ing the wheel.” For example, he says, 
the Department of Energy may be able 
to use XML data structures, schemas 
and terminology developed by the oil 
industry. Royal says the government- 
wide XML registry will give the private 


sector “a single schema to use to do 


Dat ta that isn't highly structured, such as narrative text, 

may be difficult to convert to XML. Further, converting non- 
tagged information to XML may require a significant effort 

without prior agreements and established data dictionaries 


| business with all government agencies, 


| porting, actual sales transactions or in- 


| partners to discover one another and 





regardless of whether it’s business re- 


formation discovery.” That will result 
in standard data structures and defini- 
tions and possibly reusable software 
components, which are lacking today. 
The XML group is also working with 


| the Organization for the Advancement 


of Structured Information Standards 


| on e-Business XML (ebXML) technical 


specifications. EbXML allows trading 


conduct business over the Internet. 
“EbXML holds a lot of promise,” Royai 
‘The problem with it is it’s taking 
so long, because it’s a challenge to cre- 
ate something that does all this stuff.” 


says. ° 


Security Issues 

Security concerns have slowed the 
use of XML in government, says Uttam 
Narsu, an analyst at Cambridge, Mass. 
based Giga Information Group Inc. 
“There have been grave concerns that 
if you make information more accessi- 


| ble, you make it more manipulable,” he 


“If you have data tied up in pro- 
prietary format, it’s harder for a hacker 
to get at than if it’s nicely open XML.” 
The GAO warned, “When XML is 
used, the direct transter of data may 
bypass security checks, such as those 


says. 


| nizations, Royal says. 
} are coming out, like [Universal De- 

| scription, Discovery and Integration], 
[Simple Object Access Protocol] and 

| [Web Services Description Language], 


| back to your PC,” 
| agencies and the local police expose 
| their search routines as a Web service. 


| software such as virus checkers.” 


Royal says vertical industry groups 
are addressing industry-specific needs 
for their XML-based standards but that 


| not enough is being done to address 


“horizontal” functions, such as user 
authentication. He blames this in part 
on IT vendors that fear losing a com- 


| petitive advantage based on their pro- 
| prietary approaches to security. 


The government is rolling out sim- 


ple XML applications for the exchange 
| of documents, and early reports are 


that it’s helping “repurpose” data for 


analysis and will over time make infor- 


mation more accessible. But the gov- 


| ernment may soon start to deploy 


XML-enabled Web services that in- 
voke functions such as search engines 
on systems belonging to other orga- 
“Other things 


so we are supporting ebXML, but we 


are keeping our eyes on other emerg- 


ing standards,” he says. 

The government should pursue the 
use of powerful Web services more 
aggressively, says Robert Wegener, 


| national director of solutions at RCG 


Information Technology Inc., a con- 


| sulting and systems development com- 
| pany in Edison, NJ. “ 
| pose you are checking someone at the 
| border, and you have to go to all these 


For example, sup- 


different databases and bring things 


he says. “So all the 


I can put somebody’s name or identifi- 
cation number in, send it over in a Web 
and I can use their CPU time.” 
“We see Web services as a great 


service, 


| loose-coupling technology for the gov- 


ernment,” says John Vrankovich, a se- 
nior director at Manugistics Group Inc. 
in Rockville, Md. “You can open up 
your application to external tools, in- 
herently because of the XML. And gov- 


ernment probably does more integra- 


built into intermediate data — | tion of systems than anybody.” D 


A Hypothetical XML- Based State Driver’ 5 License System 


Tagging XML data in a consistent way can make it much easier to locate and check information dispersed among incompatible computer databases. 


State agency 
processes request 


= Tax records 


= Criminal records 
= Traffic violations 


— 
federal informa: 
systems 


Issues driver's 


2 
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Permanent 
Records 


“I view every case of waste, fraud and 
abuse as just another example of the 
problem whose root cause is the failure 
to maintain and manage records effec- 
tively,” says Owen Ambur, co-chairman 
of the federal XML Working Group and 
a systems analyst at the Fish and 
Wildlife Service. 

XML and related standards and 
software reuse concepts could make a 
huge contribution to reducing waste, 
fraud and abuse in both the public and 
private sectors, he says. The reason: It 
would enable the automation of finan- 
cial records audits. 

Ambur says IT managers often con- 
fuse financial information in databases 
with financial records. “Databases are 
fundamentally not record-keeping sys- 
tems, because they are subject to ma- 
nipulation,” he says. “The beauty of 
XML is all original records are in their 
original format.” 

The recent corporate accounting 
scandals have underscored the need 
for sound record-keeping and have 
prompted the government to pay more 
attention to records, both its own and 
those filed from external sources. In 
August, Federal Communications Com- 
mission Chairman Michael K. Powell 
said he was backing away from an ear- 
lier plan to reduce the amount of finan- 
cial data communications companies 
must file with the FCC. 

Meanwhile, the National Archives 
and Records Administration (NARA) in 
College Park, Md., wants to improve 
both the longevity and accessibility of 
government records. It's conducting 
research and building prototypes for 
an electronic records archive that 
would use XML tags and descriptors 
to “wrap” proprietary formats such as 
Microsoft Word, Excel and PowerPoint. 

The idea is called persistent object 
preservation, and the objective is to be 
able to read a Word document, for ex- 
ample, years after Word ceases to be 
a product. “We believe that [XML] 
markup is one significant way of at- 
tacking the technological obsoles- 
cence problem,” says Mark Giguere, 

a computer specialist at the NARA. 

“A goal is to make it easier for agen- 
cies to follow their records manage- 
ment responsibilities,” says Nancy 
Allard, a senior policy specialist at the 
NARA. “Good record-keeping is one of 
the essentials to providing government 
accountability.” 

- Gary H. Anthes 
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oteering clear of IT accounting debacles 
means knowing when and how to write 
off failed projects. By Thomas Hoffman 


CCOUNTING TRICKS by En- 
ron, WorldCom and Global 
Crossing have made head- 
lines, but most companies 
keep their books fairly clean 
when it comes to handling 


| their IT costs, say industry experts. 


Besides the legal and moral choices 
involved, it’s “awfully hard to bury” a 
failed IT project worth tens of millions 
of dollars, says Stephen J. Andri 


ole, a professor of business tech- 


nology at Villanova University in 


| Villanova, Pa., and CEO of 


TechVestCo Inc., a Bryn Mawr, 
Pa.-based consultancy that helps com- 
panies optimize their IT investments. 
Nevertheless, there are widely ap- 
plied accounting methods and tech- 
niques that companies can use — and 
abuse — to account for or hide failed IT 
projects in their earnings statements 
or take advantage of loopholes on IT 
project costs. For instance, Andriole 
points to how some big companies will 


spin a failed IT project by lumping it 


under the infrastructure costs in its 10- 
K statement, an annual report of sales 


| and pretax operating income that all 
| public companies must file with the 


Securities and Exchange Commission. 


| Another tactic is to refer to the failed 
| effort as a pilot or research and devel- 
| opment project, depending on its size. 


Other companies take advantage of 


an accounting standard approved in 


1998 by The American Institute of 
Certified Public Accountants (AICPA) | 
called Statement of Position (SOP) | 
| 98-1. It allows companies to amortize 
| and capitalize the costs associated 
with application development projects 
= including programmer salaries — 
over the life of a system. 
Both practices are technically legal, 
yet some IT experts disagree with their 


use. “These kinds of things shouldn't 
be capitalized unless [the application] 
is going to exist reasonably unchanged 
over the course of its life,” says Jeremy 
Grigg, an analyst at Gartner Inc. in 
New York. Grigg says he believes some 
companies might try to take advantage 
of the verbiage in SOP 98-1 and manip- 
ulate the standard to hide costs. This 
is one reason why he believes financial 
regulators need to review SOP 98-1 

to determine whether amendments 
should be made to it. 

Although SOP 98-1 is a legally rec- 
ognized accounting method, “it’s a 
bit misleading,” says Grigg. “Where 
else can you capitalize salaries? It can 
lead to an accounting treatment that’s 
anti-intuitive.” 

A spokesman for the AICPA in New 
York said the organization has “no plans 
to review or modify” the standard. 

Still, at least one consultant, Ram 
Reddy at Cutter Consortium in Arling- 
ton, Mass., says that abuse of IT ac- 
counting rules at Fortune 500 compa- 
nies is “quite extensive.” Reddy, who 
is currently the CEO of Huntington 
Beach, Calif.-based Tactica Consulting 
Group LLC, says he has seen these 
abuses firsthand in previous positions 

as CIO at a Tier 1 auto supplier 

and chief technology officer at a 

Fortune 500 company. 

Reddy points to frequently 

quoted figures from The Standish 
Group, a West Yarmouth, Mass.-based 
IT consultancy whose research con- 
cludes that 31.1% of all IT projects are 
canceled before they’re completed. But 
talk to executives at big companies, 
“and no one will tell you where the 
failed IT projects are,” he says. 


Expense or Capitalize? 

In general, IT investments fall into 
one of two accounting buckets. Smaller- 
ticket items such as printers are ex- 
pensed and subtracted from the bot- 
tom line within a quarter or fiscal year. 
More expensive outlays, such as the 
replacement of several thousand PCs, 
are typically capitalized and depreciat- 

| ed over a three- to five-year period. 
lan Campbell, co-founder and prin- 
| cipal analyst at Nucleus Research Inc. 


in Wellesley, Mass., says that although 
he hasn’t seen many companies make 
sleight-of-hand capitalization moves 
such as burying failed IT projects un- 
der R&D costs, “I can tell you there’s a 
lot of pressure [by some senior execu- 
tives] to do that.” 

As might be expected, the handful 
of IT executives who were willing to 


| be interviewed for this story said that 


they ve never been influenced by top 
brass to take part in questionable ac- 


| counting moves regarding their orga- 


nization’s IT purchases. 

“We are a very conservative com- 
pany, and because of that, there’s noth- 
ing out of the ordinary,” says Mehrdad 
Laghaeian, CIO at Danvers, Mass.- 
based Osram Sylvania Inc., a $4 billion 
lighting manufacturer. 

Accounting procedures for IT costs 
“are pretty cut and dried here,” says 
Steve McDowell, information systems 
director at a retirement home operator 
in the Pacific Northwest who asked that 
his company not be identified by name. 
If a piece of software or equipment 
costs $2,000 or less, “it gets expensed,” 
says McDowell, who adds that his com- 
pany hasn’t had to write off any IT. D 


Keeping 
it Clean 


Don’t throw good 
money after bad. 
Review all IT projects 
more than six months old 
and decide whether they 
should be continued 


e 


Come clean with 
senior management, 
detailing the shortcomings 
of any failing projects. 
Give such projects the correct 
accounting treatment on the 
income statement, such as 
capitalizing software expenses 


0 


Put all spending related 
to innovative thinking 
and pilot projects into 
the expense category 
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How to reseg aces 


assessment. | 


F YOU'RE AN IT MANAGER, you 

need to know what skills your 

staffers possess. Without a proper 

skills assessment, how can you go 

about planning projects, changing 
strategy, outsourcing work, and train- 
ing or downsizing staff? 

“The IT field changes so rapidly that 
you need to know what skills you have 
compared to what you might need,” 
says Betty Calhoun, director of special 
IT projects at DynCorp Sys- 
tems and Solutions LLC, a 
federal contractor in Gaith- 
ersburg, Md. 

Your human resources department 
may be able to help with the assess- 
ment, says Linda Pittenger, CEO of 
a Bridgewater, N.J.-based 
IT human resources consulting unit of 
Gartner Inc. But the CIO should take 
the lead, because the IT workforce is 
ultimately his responsibility. 

Before you start, know why you're 
doing it and focus your efforts to get 
the information you need. For exam- 
ple, if you’re planning to build Web 
front ends on mainframe applications, 
be sure you use an assessment tool 
that covers all the bases around Web 
and mainframe skills. 


People3 Inc., 


Choose an Approach 

There are three approaches you can 
take: You can hire a consulting firm to 
manage the skills assessment for you, 
purchase a software tool designed for 
the process or build one yourself. You 
can also track skills manually if your 
IT department is small enough, but if 
it’s that small, you probably already 
know everyone’s skills. 

The CIO at a large Midwestern man- 
ufacturing company recently complet- 
ed an assessment of 200 IT people us- 
ing the services of a consulting firm. 
“We're looking at a very large .Net 
project and want to know who has 


Ir 





skills 


what expertise so we can use that in 
our deployment schedule,” says the 
CIO. She asked to remain anonymous 
because her employees are “kind of 
paranoid,” fearing that the assessment 
may signal an impending layoff. 

“This process is one that gets em- 
ployees uncomfortable,” says Gordon 
Lavalette, chief operating officer at 
People3, “so communicate before, dur- 
ing, after, early and often.” 

The CIO’s workers had 
two weeks to complete on- 
line profiles of themselves, 
using a five-point grade on 

skills ranging from specific hardware 
and software expertise to project man- 
agement experience. The information 
was automatically forwarded to their 
managers, who had a week to review it, 
clear up any discrepancies and sign off 
on it. If there were discrepancies, the 
managers and employees discussed 


them and worked them out. It was up to | 


Know why you’re assessing skills, 
and fine-tune the tool you use to 
i ®lm ere 
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the managers to bring it all to closure. 

Such skills ratings aren’t tied to per- 
formance reviews or salary discus- 
sions, so there’s really no need to em- 
bellish, experts say. If someone says he 
has a particular skill, he’ll probably be 

called upon for an upcoming 
project. 
Get buy-in from managers in 
advance, particularly for IT 
people who work in the business 
units, the CIO advises. And time 
the assessment carefully. “We did it 
a after midyear reviews, when 
we're focusing on project planning and 
training for the balance of the year,” 
she explains. “We wouldn’t have done 
it before reviews; people read too 
much into it.” 

The service cost about $30,000, in- 
cluding the ability to slice and dice the 
data in various ways, she says. But it 
will provide only a fleeting glimpse of 
her workforce. “If you don’t own the 
software, all you get is a snapshot,” she 
“You don’t have the ability to up- 
date it. We'll decide in a year or two 
whether we want to own the tool or 
if a snapshot is good enough. But if 
you're going to own it, you'll at least 
double the cost.” 


says. 


Filling Gaps 

Jim Hughes, CIO at National City Corp. 
in Cleveland, uses a customized tool 
called PlanView Web Software from 
PlanView Inc. in Austin, Texas, to keep 
up with changing skills in his project- 
intensive culture. At $600,000, the 
package provides a variety of human 
resources management and project 
management tools, including an up-to- 
the-minute skills assessment of his 
1,200-member IT workforce. 

“Project staff are being constantly 
reassigned, and each project will 
need different combinations of skills,” 
Hughes says. “To meet project de- 
mands without interruption, we need 
to track the capabilities of our staff.” 

When a project is completed, the 
manager reviews each team member’s 
performance, noting any new skills ac- 
quired and assessing the levels of ex- 
isting competencies. These updates 
feed into the resource management 
database, which Hughes consults when 
mapping out projects for the coming 
year. He compares existing skills 
among his staff with projected needs 
and plans training to close the gaps. 

If you use a tool with which IT 
workers rate themselves, save time by 
having each employee complete only 
the sections that relate to his current 
work and career goals, Calhoun advis- 
es. For example. a Cobol programmer 
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_ How do you ~ 
minimize paranoia 
in your IT staff when 
you do an IT skills 
assessment? 


= One word: communication. You 
can design the best program in the 
world, but if you don’t spend the 
time and energy for communica- 
tion, it falls apart. Your success 
may also depend on how you've 
used data in the past. In organiza- 
tions where compensation is a 
black box, you're never going to 
get your employees past the par- 
anoia, because if you haven't 
shared other information with 
them, they won't believe you now. 
GEORGINE YOUNG 

Hewitt Associates LLC 

The Woodlands, Texas 

@ The key here is to begin dis- 
cussing the need for a skills as- 
sessment in advance of the actual 
activity. Follow-up is also vital. 
Once the assessments are com- 
plete, the IT department must em- 
bark on a retraining process for 
those lacking skills, assign high- 
fliers and highly skilled staff to 
major projects, and implement a 
continuing education and training 
program for all staff. 

KAZIM ISFAHANI 

Robert Frances Group Inc. 
Westport, Conn. 


| who’s learning Java could ignore cat- 
| egories like database administration 
| and routers. 


If you choose to build your own as- 


| sessment tool, be forewarned: It’s a big 
| job and probably not cost-effective. In- 


| stead, 


“find a package that makes sense 


| and tweak it, but don’t sit down with a 


blank piece of paper,” Calhoun says. 
Regardless of your method, remem- 

ber that each result is like a snapshot. If 

you want an up-to-date picture, experts 


| say you'll need to repeat the process 


every 12 to 18 months or use a package 


| that can be continually updated. D 


"SIZING UP SOFT SKILLS 


| Go to our Web site to read how one manager used an 
| online tool to assess his leadership abilities. 


| 
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Make Learning 
Mandatory 


WHO: Chuck Linebaugh, director of in- 
Amundsen LLC, Chicago 


use in the course of their work every day. 


SOLUTION: Design and deliver cus- 
tomized training to all employees, who 
must subsequently pass a series of certi- 
fication tests to fulfill their basic job 


secretaries and executives at 


M O’Hagan, Smith & Amundsen 


were calling the law firm’s help desk 
with the same Windows, password and 
file-saving questions they had already 
asked — and received answers for — 





ONTH AFTER MONTH, attorneys, 


| was nonexistent, and the law firm was 


| desk. 


| firm’s lead partner with a pro- 


| clerical worker. To sell the idea, 


| Pay once to train all employees rather 
| than pay the recurring costs associated 


| company grew. “Essentially, we told 
| him, ‘Here’s how you can lower IS 


MANAGEMENT 


dozens of times. Information retention 


growing at a rate of 200% per year. Yet 
Chuck Linebaugh, director of informa- 
tion systems, didn’t have the budget to 
hire additional workers tohandle the | 
relentless ringing on the help 





Instead, he went to the 
posal: Offer customized IT 
make certification mandatory for 
everyone, from the top partners along 


Mahogany Row to the lowest-paid 


Linebaugh used a financial argument: 


with expanding the help desk as the 


STEAL 
THIS IDEA 


training toallemployees,and ~— | | 


costs,’ ”” Linebaugh says. 

Lead partner Glen Amundsen not 
only agreed to the idea, but he also of- 
fered to be the first to go through the 
training and take the certification ex- 
ams that Linebaugh and his team sub- 
sequently developed. 

To tailor the training to the firm’s 
employees, Linebaugh and three other 
people from IT sifted through the pre- 
vious year’s records of help desk calls, 
identifying 90 things that every worker 
— regardless of his job — needed to 
know in order to use the firm’s exist- 
ing technology. These items were then 
categorized into four areas — Win- 

— dows 2000, file management, 
Microsoft Word and Microsoft 
Outlook. 

Linebaugh’s team set about 
writing an extensive training 
guide, which took about four 
months, and testing it out on users 
during a series of pilot training classes. 
Then came distribution of the manual, 
and studying and testing of users, 
which began in June 2000. By June 
2001, all 350 employees had taken and 
passed the certification tests, which 


ghey 


| are administered online and now are 
part of the firm’s hiring process. 


Newly hired workers have three 
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months to pass the four exams. 

“We also built into the program an 
IS review,” says Linebaugh, explaining 
that workers’ compliance with compa- 
nywide IT policies and procedures, 
such as file-naming conventions and 
information storage rules, is tracked 
on an ongoing basis. These core com- 
petency reports are also a part of each 
employee’s overall annual perfor- 
mance review. 

Linebaugh says he figures the train- 
ing course and user certifications have 
yielded a return on investment of 
about $400,000, thanks to a drop in 
secretarial and other support costs. 
More knowledgeable workers, includ- 
ing attorneys who handle their own 
e-mail and word processing, require 
fewer secretaries to support them. 

IT has benefited as well, Linebaugh 
says. “We now enjoy an easier work- 
load because of people’s ability to an- 
swer their own questions. And when 
they do call the help desk, they’re 
more intelligent,” he says. 

As for the IT staff, “everyone is now 


| working on higher-end projects. We’ve 


grown as a company in our IT maturi- 


| ty — plus we didn’t have to hire anoth- 
| er person for the support staff.” 


— Julia King 


QUICKSCAN: I'l’ Help Desks 


Need Help? Phone In That SOS 


75% of Fortune 1,000 companies are cut- 
ting support costs by a minimum of 20% 
How? By centralizing their help desks 


Going to the user to solve his problem costs 
80% more than providing support from the 


help desk, according to Meta Group Inc. in 


Stamford, Conn. Figure in that the average 
user calls for help 1.25 times per month 
and the cost of deskside support costs 
$125 vs. $25 per call for support from 
the help desk. The annual savings add up to 
$1,500 per user 
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IT Manager’s Note to Self: Help the Help Desk 


Overall Perception of Service 
Quality in Help Desk Function 


High-quality resolutions 
ina timely fashion 


Accurate resolution, most- 
ly within time targets 


Accurate resolution, miss- 
es customer expectations 


Problems achieving 
customer satisfaction 


[ BASE 144 RESPONSES | 


a 


[ Company size: | 
Morethan500 employees Sams | 
| 100 to 500 employees 


| 
| Fewer employees | 
Fewer than 100 employees ee 
40% 


30% 
PERCENTAGE 


20% 


Putting a Face on Help 


Introducing the help desk to workers helps 
users see agents as people, not just a name- 
less group of techies at the end of a phone 
line. It also gives the help desk a chance to in- 
teract with users directly, according to John 
Ragsdale, an analyst at Giga Information 
Group Inc. His suggestions include: 


Publish a column in the company newsletter by 
a different agent each month. Run the agent's 
photo and his solution toa common problem 


Set up a booth at regional or national meetings 
so users can meet the help desk staffers who 
support them throughout the year. Offer the help 
desk a chance to present a seminar at these 
forums 


Set up a “Meet the Help Desk” booth once a 
week in the company cafeteria. Users can walk 
up and have questions answered on the spot. 


Offer user information sessions on specific 
topics, either in person or over the Web. Exam- 
ples include “Tips for Successful Upgrades” or 
“Getting the Most out of XP.” 
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Teleworkers Often 
Look Elsewhere 


Informal peer software support, also 
known as “Hey Joe” support, is the 
rule, not the exception, among tele- 
workers. Of 200 teleworkers sur- 
veyed recently, 69% said they use 
their company help desks for soft- 
ware support, but 71% reported 
turning to “a colleague who uses 
the software” for support. (Multiple 
responses were allowed.) 


Carrying a disabled piece of equip- 
ment into the office for repair is the 
most common way for teleworkers to 
obtain hardware service, reported by 
42% of users. It's also one way to 
maximize total cost of ownership 


8% of teleworkers are expected 
to fix broken systems themselves 
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Howard Schmidt 


In an interview with 

Computerworld’s 

Dan Verton, the 

No. 2 official on 

the White House 

cybersecurity team 

responds to critics’ 

claims that the 
National Strategy to Secure 
Cyberspace, released Sept. 18 
in draft form, was watered down. 
What do you say to critics who 
charge that the national strategy 
lacks teeth to effect real change 
in the private sector? The easy 
answer is that the strategy is a frame- 
work through which change is accom- 
plished, as opposed to a mandate. We 
said all along that we're looking to the 
market forces to solve these issues, 
not for the government to mandate or 
dictate how people should run their 
enterprise 


What happened to some of the 


tough language that some officials | 


had been using publicly, particu- 
larly about the lack of mature se- 
curity technology from the wire- 
less industry and the need for 
Internet service providers to take 
more responsibility for providing 
home users with the information 
and tools they need to secure their 
systems? The industry started to do 
some of these things. For example 
some of the cable modem companies 
now offer a link from their Web sites 
where you can download a free per- 
sonal firewall. The same thing hap- 
pened with the wireless industry 
Since this discussion has taken place, 
there's been a tremendous amount of 
research on how to secure wireless 
systems. That's the beauty of making 
this strategy a living document. As 
things change on the priority list, we 
can adjust the strategy. 


What do you think about the opin- 
ions of some analysts who say 
that market forces alone aren't 
enough to effect real change in 
national cybersecurity? | think that 
is selling the strategy short. The issue 
is that if you want to run a business in 
this interconnected world, you have to 
have security built in. It's not only part 
of the draft strategy for comment, but 
it's also good business sense. D 
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EVA as kact, 


Not Ficti 


N EMPLOYEE of a health care company in 
the South was inspired enough to write an 
e-mail in response to my last column in- 
troducing economic value added (EVA) 
as a potentially powerful approach to IT 


financial measurement and 
management [QuickLink 
32476]. His e-mail included 
this passage: 

“In your recent manage- 
ment article in the Sept. 2 
Computerworld, you used 
the term ‘quantifiable ben- 
efits.’ That’s the rub with 
EVA, some activities don’t 
produce quantifiable bene- 
fits; they are just good busi- 
ness. An example would be 
hiring a security guard to 
protect a warehouse full of 
stuff. If you don’t hire the 
guard, somebody will steal stuff from 
the warehouse, resulting in a loss, but 
I would challenge anyone without 
Stephen King’s talent for writing fic- 
tion to actually put a number on the 
benefit of hiring the guard. 

“The problem is really not so much 
that you can’t put a number on it, but 
that you can put any number on it.... 
Simply put, the use of EVA encourages 
managers to make up numbers.” 

The writer’s first observation is well 
considered. Not every investment re- 
quires a business case justification. 
Just as important as the security guard 
in the warehouse is a company’s need 
for a solid network; IT managers 
shouldn't need to prove this. 

The last sentence of this reader’s 
polemic is the reason I am returning 
to EVA. In theory, the EVA approach 
to capital investment decision-making 
might motivate IT managers to exag- 
gerate their preinvestment assess- 
ments. When a cost of capital charge 


is assessed against an 
IT project’s estimated 
ROI, the total return is 
lowered; an ROI of 50% 
before EVA is 38% after 
the company’s 12% cost of 
capital is charged. Thirty- 
eight percent might be 
a respectable return, but 
perhaps not respectable 
enough when an IT project 
is competing against oth- 
ers for scarce resources. 
A structural feature of 
EVA, however, discourages 
a manager’s inclination to 
juice the assessment numbers to win 
project approval. A cornerstone of 
EVA is a bonus compensation regime 
under which every penny of pay be- 
yond a manager’s base salary is at risk 
depending on yearly EVA outcomes. 
If EVA is negative for the company in 
one year, no bonus. If EVA scales the 
baseline target, managers and employ- 
ees receive bonuses. If EVA is signifi- 
cantly higher than the base, the com- 
pany will pay several multiples of the 
bonus. Recipients of EVA bonuses will 
attest to the fact that nothing focuses 
the mind like pain — or money. In 
many, but not all, companies, EVA 
bonuses flow right down from man- 
agers to workers on the shop floor. 
Companies such as The Manitowoc 
Co., Boise Cascade and Briggs & Strat- 


ton have undergone observable cultural | 


change as EVA companies. IT managers 
there truly think differently in that they 
no longer regard company funds as 
other people’s money. Their business 


units are charged the cost of capital as 
well as the capital required for the proj- 
ect, and their personal compensation 

is on the line because of it. They tend to 
think more like owners than employees. 

Typically, a company calculates the 
EVA of every IT project but scores the 
entire IT organization as a whole at 
year’s end. Is IT’s EVA positive for the 
year? More important, has IT’s EVA 
improved from the previous year? 
Philosophically, the EVA dollar 
amount for an individual project or 
even a company in a given period is 
less important than the idea that EVA 
will increase year to year. 

Also implicitly radical about EVA- 
driven IT investment is the demand 
that the IT project is measured along 
the established financial metrics ren- 
dered in the business case; compen- 
sation practices require postinvest- 
ment measurement in order to calcu- 
late EVA for every year in the life of 
the project. How many IT organiza- 
tions in this country have embedded a 
systematic, rigorous postinvestment 
measurement program to compare 
technology project financial returns 
against plan? How many fingers did 
you use to do the count? Two? Three? 

Under EVA, IT investment decisions 
are infused with a level of clarity and, 
perhaps more important, accountabil- 
ity that might not otherwise exist. We 
should be shocked if a company that 
embarks on the EVA way allows IT 
managers to juice their numbers in 
order to win project approval or to 
report EVA higher than is actually 
the case — as the reader claims. If this 
kind of fiscal jury-rigging is happen- 
ing, it’s doubtful that the company is 
truly EVA-inspired in the first place. D 


WANT OUR OPINION? 


For more columns and links to our archives, go to: 
www.computerworld.com/opinions 
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Make Learnin 
Mandatory 


WHO: Chuck Linebaugh, director of in- 
formation systems, O'Hagan, Smith & 
Amundsen LLC, Chicago 


PROBLEM: Relentless calls to the help 
desk from users who would repeatedly 
ask the same how-to questions about 
hardware and software they needed to 
use in the course of their work every day. 


SOLUTION: Design and deliver cus- 
tomized training to all employees, who 
must subsequently pass a series of certi- 
fication tests to fulfill their basic job 
requirements. 


ONTH AFTER MONTH, attorneys, 

secretaries and executives at 

O'Hagan, Smith & Amundsen 
were calling the law firm’s help desk 
with the same Windows, password and 
file-saving questions they had already 


asked — and received answers for 


dozens of times. Information retention 
was nonexistent, and the law firm was 
growing at a rate of 200% per year. Yet 
Chuck Linebaugh, director of informa 
tion systems, didn’t have the budget to 
hire additional workers to handle the 
relentless ringing on the help 
desk. 

Instead, he went to the 
firm’s lead partner with a pro- 
posal: Offer customized IT 
training to all employees, and 
make certification mandatory for 
everyone, from the top partners along 
Mahogany Row to the lowest-paid 
clerical worker. To sell the idea, 
Linebaugh used a financial argument: 
Pay once to train all employees rather 
than pay the recurring costs associated 
with expanding the help desk as the 
company grew. “Essentially, we told 
him, ‘Here’s how you can lower IS 


STEAL 
THIS IDEA 


costs,’ ” Linebaugh says. 

Lead partner Glen Amundsen not 
only agreed to the idea, but he also of- 
fered to be the first to go through the 
training and take the certification ex- 
ams that Linebaugh and his team sub- 
sequently dev eloped. 

To tailor the training to the firm’s 
employees, Linebaugh and three other 
people from IT sifted through the pre- 
vious year’s records of help desk calls, 
identifying 90 things that every worker 

— regardless of his job — needed to 
know in order to use the firm’s exist- 
ing technology. These items were then 
Win- 

dows 2000, file management, 
Microsoft Word and Microsoft 
3 Outlook. 


categorized into four areas 


Linebaugh’s team set about 
writing an extensive training 
guide, which took about four 
months, and testing it out on users 
during a series of pilot training classes. 
rhen came distribution of the manual, 
and studying and testing of users, 
which began in June 2000. By June 
2001, all 350 employees had taken and 
passed the certification tests, which 
are administered online and now are 
part of the firm’s hiring process 

Newly hired workers have three 
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months to pass the four exams. 

“We also built into the program an 
IS review,” says Linebaugh, explaining 
that workers’ compliance with compa- 
nywide IT policies and procedures, 
such as file-naming conventions and 
information storage rules, is tracked 
on an ongoing basis. These core com- 
petency reports are also a part of each 
employee's overall annual perfor- 
mance review. 

Linebaugh says he figures the train- 
ing course and user certifications have 
yielded a return on investment of 
about $400,000, thanks to a drop in 
secretarial and other support costs. 
More knowledgeable workers, includ- 
ing attorneys who handle their own 
e-mail and word processing, require 
fewer secretaries to support them. 

IT has benefited as well, Linebaugh 
says. “We now enjoy an easier work- 
load because of people's ability to an- 
swer their own questions. And when 
they do call the help desk, they’re 
more intelligent,” he says. 

As for the IT staff, “everyone is now 
working on higher-end projects. We’ve 
grown as a company in our IT maturi- 
ty — plus we didn’t have to hire anoth- 
er person for the support staff.” 

— Julia King 


QUICKSCAN: I'l’ Help Desks 


Need Help? Phone In That SOS 


75% of Fortune 1,000 companies are cut 
ng support costs by aminimum of 20% 
w? By 


the 


entralizing their help desk 
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Stamford, Conn. Figure in that the average 
user calls for help 1.25 times per month 
and the cost of deskside support costs 
$125 vs. $25 per call for support fron 


sk. The annual savings add up to 


the help de uf 


$1,500 per user 


IT Manager’s Note to Self: Help the Help Desk 


Overall Perception of Service 
Quality in Help Desk Function 


Company size: 


Fewer than 1 


30% 
PERCENTAGE 


50% 60% 


Putting a Face on Help 


Introducing the help desk to workers helps 
users see agents as people, not just a name- 
less group of techies at the end of a phone 
line. It also gives the help desk a chance to in- 
teract with users directly, according to John 
Ragsdale, an analyst at Giga Information 
Group Inc. His suggestions include: 


nal or national meeting 
> help desk staffers who 
e year. Offer the helr 


seminar at these 


et the Help Desk” booth once a 
afeteria. Users can walk 


t 


5 answered on the spc 


Offer user information sessions on specific 
rer in person or over the Web. Exam 
“Tips for Successful Upgrades” or 


“Getting the Most out of XP.” 


pies include 


Teleworkers Often 
Look Elsewhere 


Informal peer software support, also 
sthe 
rule, not the exception, among tele 
workers. Of 200 teleworkers sur 
veyed recently, 69° 
their company help desks for soft 
ware support, but 71% reported 
turning to “a colleague who uses 
the software” for support. (Multiple 


responses were allowed.) 


known as “Hey Joe” support 


said they use 


Carrying a disabled piece of equip 
ment into the office for repair is the 
most common way for teleworkers to 
obtain hardware service, reported by 
42% of users. It's also one way to 


maximize total cost of ownership. 


8% of teleworkers are expected 
to fix broken systems themselves 
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Howard Schmidt 


In an interview with 
Computerworld’s 
Dan Verton, the 
No. 2 official on 
the White House 
cybersecurity team 
responds to critics’ 
claims that the 
National Strategy to Secure 
Cyberspace, released Sept. 18 
in draft form, was watered down. 
What do you say to critics who 
charge that the national strategy 
lacks teeth to effect real change 
in the private sector? The easy 
answer is that the strategy is a frame 
pm through which change is accom 
shed, as opposec dto a mandate. We 
said all along that we're looking to the 
market force 
not for the governmer 
lictate how people shot 


enterp 


rise 


What happened to some of the 
tough language that some officials 
had been using publicly, particu- 
larly about the lack of mature se- 
curity technology from the wire- 
less industry and the need for 
Internet service providers to take 
more responsibility for providing 
home users with the information 
and tools they need to secure their 
systems? The industry started to do 
some of these things. For example 

ome of the cable modem companie 
now offer a link from their Web sites 
where you can download a fre 

onal firewall. The same thing ha 
pened with the wireless industry 
Since thi taken place 
there s been a treme 
research on how to secure wireless 
ystems. That's the beauty of making 
ument. As 
things change on the priorit 
can adjust the strategy 


t trategy a living doc 


What do you think about the opin- 
ions of some analysts who say 
that market forces alone aren't 
enough to effect real change in 
national cybersecurity? | think that 

3 selling the strategy short. The issue 
is that if you want to run a business in 
this interconnected world, you have to 
have security built in. It's not only part 
of the draft strategy for comment, but 
it's also good business sense. D 
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EVA as Fact, 
Not Ficti 


N EMPLO 


YEE of ahealthec 


care company in 


the South was inspired enough to write an 
-mail in response to my last column in- 


troducing economic value 


added (EVA) 


as a potentially powerful approach to IT 


financial measurement and 
management [QuickLink 
32476]. His e-mail included 
this passage 

“In your recent manage- 
ment article in the Sept. 2 
Computerworld, you used 
the term ‘quantifiable ben- 
efits. That’s the rub with 
EVA, some activities don’t 


JOHN BERRY is an IT 
management consultant 
and analyst in Bend, Ore 

He's currently writing 
a book about the mea- 
surement of intangible 
assets. Contact him at 
vision@according2jb.com. 


produce quantifiable bene- 
fits; they are just good busi- 
ness. An example would be 
hiring a security guard to 
protect a warehouse full of 
stuff. If you don’t hire the 
guard, somebody will steal stuff from 
the warehouse, resulting in a loss, but 
I would challenge anyone without 
Stephen King’s talent for writing fic 
tion to actually put a number on the 
benefit of hiring the guard. 

“The problem is really not so much 
that you can’t put a number on it, but 
that you can put any number on it... 
Simply put, the use of EVA encourages 
managers to make up numbers.” 

The writer’s first observation is well 
considered. Not every investment re 
quires a business case justification. 
Just as important as the security guard 
in the warehouse is a company’s need 
for a solid network; IT managers 
shouldn’t need to prove this. 

he last sentence of this reader’s 
polemic is the reason I am returning 
to EVA. In theory, the EVA approach 
to capital investment decision-making 
might motivate IT managers to exag- 
gerate their preinvestment assess- 
ments. When a cost of capital charge 


is assessed against an 
IT project’s estimated 
ROI, the total return is 
lowered; an ROI of 50% 
before EVA is 38% after 
the company’s 12% cost of 
capital is charged. Thirty- 
eight percent might be 

a respectable return, but 
perhaps not respectable 
enough when an IT project 
is competing against oth 
ers for scarce resources. 

A structural feature of 
EVA, however, discourages 
a manager’s inclination to 
juice the assessment numbers to win 
project approval. A cornerstone of 
EVA is 
under which ever} 


a bonus compensation regime 
penny of pay be- 
yond a manager’s base salary is at risk 
iepending on yearly EVA outcomes. 
If EVA is negative for the company in 
one year, no bonus. If EVA scales the 
baseline target, managers and employ- 
ees receive bonuses. If EVA is signifi- 
cantly higher than the base, the com- 
pany will pay several multiples of the 
bonus. Recipients of EVA bonuses will 
attest to the fact that nothing focuses 
the mind like pain — or money. In 
many, but not all, companies, EVA 
bonuses flow right down from man- 
agers to workers on the shop floor. 

Companies such as The Manitowoc 

»., Boise Cascade and Briggs & Strat- 
ton have undergone observable cultural 
change as EVA companies. IT managers 
there truly think differently in that they 
no longer regard company funds as 


other people’s money. Their business 


units are charged the cost of capital as 
well as the capital required for the proj- 
ect, and their personal compensation 
is on the line because of it. They tend to 
think more like owners than employees 
lypically, a company calculates the 
EVA of every IT project but scores the 
entire IT organization as a whole at 
year’s end. Is IT’s EVA positive for the 
year? More important, has IT’s EVA 
improved from the previous year? 
Philosophically, the EVA dole ir 
amount for an individual project or 
even a company in a given per riod is 
less important than the idea that EVA 
will incre 


Also implicitly radical about EVA- 


ise year tO year. 


driven IT investment is the demand 
that the IT project is measured along 
the established financial metrics ren- 
dered in the business case; compen 
sation practices require postinvest 
ment measurement in order to calcu 
late EVA for every year in the life of 
the project. How many IT organiza 
tions in this country have embedded a 
systematic, rigorous postinvestment 
measurement program to compare 
technology project financial returns 
against plan? How many fingers did 
you use to do the count? Two? Three? 
Under EVA, IT investment decisions 
are infused with a level of clarity and, 
perhaps more important, accountabil 
ity that might not otherwise exist. We 
should be shocked if a company that 
embarks on the EVA way allows I'l 
managers to juice their numbers in 
order to win project approval or to 
report EVA higher than is actually 
the case — as the reader claims. If this 
kind of fiscal jury-rigging is 
ing, it’s doubtful that the company is 
truly EVA-inspired in the first place. D 
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Experience a WITI Event... two remaining locations for 2002: 


Your opportunity to meet and network with women from all 
technology sectors worldwide... at one time... in one place... 
is running out! 


WITI and ITEC’s Massachusetts Technology Showcase present: 


WIT! Smart Partnering Boston 
Access to Experts, Strategies and Technologies 
October 9 

Hynes Convention Center w Boston, MA 


A cutting-edge program designed for women who consider technology central to 
their businesses, careers and professions. Gain access to Technology Trends, Personal 
Stories of Successful Professional Women, Smart Partnering & Strategic Alliances and 
Government Contracting Opportunities presented by successful top-tier professionals 


WITI and BiolTWorld Conference & Expo present: 
WIT] WOMEN IN LIFE SCIENCE FORUM 


November 12 
San Diego Convention Center w San Diego, CA 


A special forum featuring panel discussions and presentations from leading women 
executives within the growing Bio-IT industry. At the WITI Forum during 
BIOITWORLD, you'll gain unique insight into career development, business strategies, 
current life science trends and valuable networking opportunities 

Don’t miss us at the WIT! Booth... 
During GBET- LA 


October 23-24 w LAConvention Center w Los Angeles, CA 


Your Access to Success... 
WITI PROFESSIONAL ASSOCIATION 


Your best investment is your professional network. 
Get Connected — Become a WITI Member or WITI Small Business Member... 


Join Now! 
OMEN IN TECHNOLOGY 
WI | feces nase 


Advancing Women Through Technology 


For more information or to register, visit our website witi.com or call: 1-800-334-9484. 
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firstRain, Inc. is a leading soft- 
ware developer that markets 
and sells a family of software 
products for web services, busi- 
ness portals and mobile infor- 
mation solutions. We currenily 
have multiple openings for senior 
software developers, software 
engineers, and product specialists. 
firstRain, Inc. provides a dynamic 
and creative work environment 
in which to learn and grow your 
skills. We provide the opportunity 
to work on some of the leading 
internet and/or wireless web 
based technologies being devel- 
oped. Excellent compensation 
and benefits package. Please 
respond via e-mail to careers 
@firstrain.com 


Computers-Database Analysts 
needed. Seeking qual. cand 
possessing MS or equiv. and. 
or rel. work exp. Rel. exp. must 
include 1 yr. working with Oracle, 
J2EE & Java. Supply Chain 
Management software preferred. 
Work with 3 of the following 
Oracle, Java, J2EE, Serviet 
Rational Rose, P4/SQL, Unix 
Fwd. resume & ref. to: Cleartrack 
Information Network, Attn: HR 
5301 Virginia Way, Brentwood 
TN 37027 


Systems Analyst: Analyzes user 
requirements, procedures and 
problems to automate processing 
or to improve existing computer 
system. Must be able to travel 
extensively. Bachelor of Science 
or equivalent in Computer Science. 
Engineering or Math related and 
2 Yrs experience in job offered 
Included in the 2 yrs. Job exp 

WFMS, XPDL, AFEB, XML Web 
Services, DB2 on OS/390, ERWIN. 
RUP, J2EE, .NET, VIGNETTE 
V5,TCL.XSL, Xpath, WIN 2000 
NT, UNIX 


Apply by resume only to Human 
Resources Department, Capricom 
Systems, Inc. 3569 Habersham-at 
Northlake, Building K, Tucker. 
GA 30084 


Sr. Programmer Analyst sought 
by s/ware co in Manhattan, NY. 
Must possess 4 yrs exp in 
devipmnt of bus. applications 
Email resume to: recruit@ 
ftisoft.com. Heading: NYR I! 


NEED TO 
ili 


Par \ amb 
UE 


IT careers.com 
reach more than 
2/3 of all US IT 
workers every 
week. If you need 
to hire top talent, 
start by hiring us. 


Call your 

IT careers Sales 
Representative or 
Janis Crowley at 
‘1-800-762-2977. 


ITCAREERS 


where the best get better 


SYSTEMS ANALYST: Analyzes 
user requirements, procedures 
and problems to develop a new 
product and to improve existing 
computer systems. Must be able 
to travel extensively. Bachelor 
of Science or equivalent, Engi- 
neering or Math related and 2 
yrs experience in job offered. 
Included in the 2 yrs job exp in 
Oracle Financials 11i, HR/Payroll 
11i, CRM 3i applications on GL 
AR, AP, OE, PA, OAB, SSE, FS 
TS, OSC, AOL, CE. HR, FSG 
AOL, Fast Formulas, Unix script- 
ing, Pro*C, Brio Reports, Noetix 
views and Oracle Discoverer 4i 
Security alerts, API's, Designer 
2000, VSS and web too! kit 


Apply by resume to Human 
Resources Department, Capricorn 
Systems, Inc. 3569 Habersham-at 
Northlake, Building K, Tucker 
GA 30084 


Systems Analyst - Design, pro 
gram & implement applications 
for var. business immigration 
related s/w projects. Req. Bach 
elors in Comp. Sci., MIS or Comp. 
Engg. + 1 yr exp. Contact: Inter 
national Systems Technologies. 
Inc., 1812 Front Street, Scotch 


Plains, NJ 07076 


Technical Lead needed for high 
level architecture of client/server 
& e-business systems, dsgn 
dvip n-tier Supply Chain Mgmt 
applics w/3rd party applic/com 
merce servers using tools such 
as BEA WebLogic, Websphere. 
OO tools, Java, Java Server 
Technology, J2EE, Unix & Win 
Up to 40% travel reqd. Send 
resume to IMI, 305 Fellowshig 
Rd, #200, Mt. Laurel, NJ 08054 


ProgrammerAnalyst. Analyze 
develop, plan and test mainframe 
web based and client/server 
software applications using 
Cobol, PL/I, TSO/ISPF, MVS 
JCL, VSAM, CICS, DB2, Unix 
Windows. Demonstrated ability 
working with Cobol, PL/I, TSO 
ISPF, MVS,JCL, VSAM, CICS. 
DB2. $55,000/yr. 40 hr/wk. 9:00 
a.m. - 5:00 p.m. Must have 2 
years exp (or 2 years exp in 
related occupation of Systema “s 
Executive). Send 2 copies of 
resumes: Job Order# 2002-436. 
P.O. Box 989 oncord, NH 
03302-0989 


SAP H.R APPLICATIONS 
CONSULTANT, 8am-5pm, Re 

search, develop and design 
computer software systems as 
they relate to HR management 
functions such as payroll, bene 
fits and time management. Re 

quired: proficiency with SAP HR 
and SAP ABAP/4, ASAP Cert 

B.S. in IT or related field, or 
equiv. Cedar inc., Send Resurne 
glenda.soderstrom @ cedar.com 


or fax: (410) 752-2879. 


|B Mer Via aes 


Software Engineer. Design and 
develop web based andclient 
server based software applica 
tions using software development 
tools suchas Oracle, C++, De 
signer 2000, Developer 2000 
Forms and Reports, PL/SQL on 
Unix and Windows NT platforms. 
Demonstrated ability working with 
Oracle,Designer 2000, Developer 
2000. Demonstrated ability work 
ing with C++, PL/SQL,Unix and 
Windows NT. $75,000/yr. 4¢ 
hr/wk. 9:00 a.m. - 5:00 p.m. Must 
have Master of Science ir 
Comp. Sci., Eng., Elect, rei fie 
equiv and1 year exp. (or 1 year 
exp. in related occupation of 
Database Developer/Software 
Developer/Programmer Analyst 
Send 2 copies of resumes bo 
Order #2002-032, P.O. Box 989. 
Concord, NH 03302-0989 


SYSTEMS ANALYSTS for 
brook Terrace, IL office. Must be 
able to evaluate, analyze, design 
configure, deploy, debug, provide 
user acceptance, pian imple 
mentation, and integrate witt 
other systems, applicat 
data conversion. Shall manage 
and support high availability sys: 
tems, disaster recovery, bac! 
and storage Arrays. Shal 
working under the supe 
a Project Leader/Manager Skills 
4+ years UNIX systems and 
application administration and 
previous experience with Sui 
HPUX, AIX and AS400 
ys Degree in Computer 
science or related field of stuc 
40 hrs/wk. ONLY QUALIFIE 
U.S. WORKERS NEED APPLY 
Send Resume to HR manager 
Nextek Systems Inc. 18W 14: 
Butterfield Road, 15th Floor 
Oakbrook Terrace, IL 


A rehabilitation services compz 
located in Warren, M 

2 openings for system < 

The positions require a minirr 

of a bachelor's degree or equivalent 
in computer science, eng! ; 
or any field with computer courses 
and at least six months experience 
as a programmer. Responsibilities 
include: preparir 
troubleshooting hardware/ software 
and reviewing computer 
capabilities. Send 
Administrator, Therapeu 
Connection, inc 8111 Hoover 
Suite 7-B, Warren, Michigar 
48093 


Software Engineer wanted by 
Houston 


front-end and testing applications 


and perform related duties t 
clients. M.S. in Computer Science 
and 2 years related expe 
required. Ser 

Solutions LLC 


Redwood, Pasadena 


A Rehabilitation Service: 

pany in Warren, Mi needs a Sys 
tems Analyst. Jot 

utilizing technical expertise 
computer sciences to des 
and coordinate changes to corr 
puter software and hardware 
systems; reviewing descript 

of changes to software. Requires 
a Bachelor's degree or equivalent 
in any field with courses in Soft 
ware Technology and 1 year 
experience as a Systems Analyst 
or a Programmer. Send Resume 
Administrator, Mobility Plus Rehab 
Services, Inc. 11554 12 
Road, Warren, Mi 48307 


Project Leader. Supervise, manage 
and lead a team of Computer 
Software professionals designing 
and managing databases and 
designing and developing appli- 
cations using UNIX, C, C++, VB 
in an RDBMS (e.g. Oracle. 
Sybase). Activities include de- 
bugging, database modeling 
performance tuning & optimization 
of program execution, memory 
management using operations 
research techniques including 
linear programming & dynamic 
programming. Must have Master's 
degree in Comp. Sc., Engg. plus 
4 yrs. of exp. in the job duties or 
in Comp. S/W dev and/or con 
sulting and/or managing of 
Comp S/W projects, teaching 
engg./SW prof. Must have prof 
ciency in UNIX, RDBMS, C 
C++, VB, LP and dynamic pro 
gramming. 40 Hrs./wk., $72 

yr. Must have proof o' 
authority to work in 

Send your resume to the lowa 
Workforce Center. Watson 
Powell Jr. Way, Des Moines. 
lowa 50309-17237. Please refer 
to Job Order 1A1101611. Em 
ployer paid advertisement 


Royal Caribbean Cruise Lines 
DATABASE ADMINISTRATOR 
Provides database administration 
for DB2/400 & Microsoft SQL 
Server databases, including: log 
ical/physical database design 
& implementation, performs 
backup & recovery, implements 
& monitors database security. 
conducts performance monitoring, 
troubleshoots problems & builds 
proactive processes to prevent 
recurring problems. Establishes 
& manages data movement 
strategies by developing stored 
procedures & using replicatior 
tools. Environment is a multi 
abyte environment consisting 
of AS/400, SQL Server & Oracle 
Jatabases servicing Internet 
intranet & several distributed call 
strict service levels 
req's. Will work with: AS/400 DB2 
ver. 4.5 and 5.2 SQL Server 2000 
Data Mirror, Mimix, Turnover 
RPG, SQL, Erwin, Store Proce- 
dures. REQ: 4 yrs. similar exp 
such as work as a Database 
Analyst or Programmer. Will con- 
sider applicants w/ any suitable 
combination of education, training 
>r exp. Send resume to: Mr. Jay 
Rombach, Royal Caribbean 
Cruises | 1 Caribbean 
Way, Miami, FL 33132 


Office Automation Analyst. Assists 
Pres./ Sr. Mgmt. in investigating 
resolving software/ hardware 
problems, such as client database: 
electronic mail/ operating sys. 
and with software/ hardware 
nstallatiory training; call vendors 
to research software/ hardware 
based solutions to administer: 
ptimize use of machine equip. 
cleaning products, work assign 
ments, cleaning crew follow ups 
work hours/ billing. Req. Associate's 
S f equiv. & 2 yrs 
exp 2 yrs. in Systems Analyst 
position(s). Resume: H. Tijman 
American Detail Cleaning Corp. 
11600 Nebel St #200 


Rockville, MD 20852. No calls. 


JAVA DEVELOPER to research 
& develop back-end 

omputer software systems 

using knowledge of J2EE platform 
mpetitive salary. Degree & 
}exp. required. Resumes to 
Marissa Henning, Severn Trent 


stems, 20405 St. Hwy. 49. 


#600, Houston TX 77070 


Senior Software Engineer will 
perform software design and 
Programming to support data 
conversion on a major human re- 
sources and payroll data pro 
cessing application. Will participate 
in program design and code 
review, establish and control pro- 
ject scope, goals and analysis 
and support outbound imple 
mentation and additional con 
version projects. Requires Bach 
elor’s or equivalent in Computer 
Science, Engineering, Mathe- 
matics, or Physics, pilus two (2) 
years experience in Job Offered 
OR two (2) years experience in 
developing Ore applications. 
Candidate must also possess 
demonstrated expertise creat 
and modifying Oracle Fast 
mulas; demonstrated expertise 
implementing and customizing 
Oracle HRMS and Payroll; and 
demonstrated expertise devel 
oping U.S. payroll software 
applications. Salary: $69,325/yr. 
M-F, 9AM-5PM. Send 2 resurnes 
to Case #2002-262, P.O. Box 
989, Concord, NH 03302-0989 
EOE. Applicants must be workers 
eligible to accept full-time em 
ployment in U.S. 


J.M. Smith, an enterprise tech 
nology company for the pharma: 
ceutical/medical industry currently 
seeks applicants for the following 
position in its Spartanburg, SC 
location: Senior Programm 
Communications to resez 
design, develop, test and 
mance tune PC-based applica 
tions for the medical industry 
utilizing Seria! Communica 
applications and networking 
technologies. Applicants for this 
position must have a bacheic 
degree Computer Scier 
Engineering or related field plus 
3 years of experience to include 
software development experience 
with Visual C++ and C++ multi 
threaded programming and TCP 
IP, X25, VPN, Java serviets and 
other networking technologies 
This is a 40-hr/wk salariec 

tion. For consideration, please 
forward your resume to: J.M 
Smith, Attention, Jo Walker, P.O. 
Box 605 Spartanburg, SC 
29304. Please do not email or 
fax resumes. EO 


Infodat International, inc., is a 
full service information systems 
solution provider. We have posi 


tion openings for 


Programmer Analysts: To design 
develop and implement Oracie 
and Product Design, Manutac 

turing Applications using Oracle. 
Oracle Developer, SQL, PL\SQL 
C and C++ based on UNIX and 
Windows Operating Systems. 
Develop and test interfaces 
between Oracle and legacy 
systems. Need Bachelor's in 
Computer Science or related 
field. Need 2 years of experience 
in a related occupation 


Send resume to: Maila Mekaia 
President, infodat Internation 
300 Richmond Avenz 
Houston 


Programmer Analyst: Design & 
Jeveiop software a Ns using 
UNIX, MV COBOL, VSAM 
JAVA, C, C++, ATG Dynam 

Sheli scripts; integrate Legacy 
system using TIBCO (BW, IM 
RV, & SDK); and implement 
Autonomy PIB. Responsibilities 
also include performance tuning. 
production support & trou 
bleshooting of operating problems. 
Must have Assoc. deg. or equivalent 
in Comp. Sci & 3 yrs of relevant 
experience. Job in Charlesten. 
WV & other locations. $60K/yr 
Send resume to HR, U.S 
Professionals. LLC 200 
Association Dr., Charleston V/V 
25311. Fax (888) 250 5888 
Email: jobs @uspcorp.com Ref 


PA-WVC 


Computerworld + InfoWorld * Network World + October 7, 2002 


Principal Software Engineer. 
working within Company's 
Employer Services bu 
unit, will be responsible for 
porting and developing the unit's 
tume keeping database, particu 
arly with respect to client imple: 
mentations, enhancements and 
bug resolutions. Will apply 
knowledge of Oracle inte 
Oracle tuning techniques, Oracie 
development, Oracle Reports 
Oracle HRMS, Unix and various 
software development enviror 
ments to provide this software 
systems application development 
support. Requires Bachelor's 
Degree or equivalent in Computer 
Science, Engineering, Math, or 
Physics and five (5) years expe 
rience in job offered or five (5 
years experience developing 
database applications in a UNIX 
er onment Cc didate must 
also possess demonstrated 
expertise in design, development 
and performance tuning of time 
management and HRMS systems. 
demonstrated expertise 45S: 
tomizing Oracle HRMS applica 
tions in PL/SQL and design 
and developing Oracle Reports: 
and demonstrated experience in 
a full t c 
impiementation. Salary $80,000 
9:00AM OPM 
Sopies of resum 
#2002-150, P.O. Bec 
Concord, NH 03302-098' 
E. Applicants must be worke: 


nternet Solution Developer 
Research, desigr 
tain, support 0 
using Java, C#, Microsoft.Net 
Framework, SQL Server 2000 
XML and other advanced tech 
ogies. Design and develop 
interactive web sites for data 
warehousing and data mining 
that enable subscribers to access 
specified database. Maintain and 
manage the SQL2000 server 
jatabase of subscribers. Require 
a bachelor degree in computer 
science plus two yr. exp. on jot 
ffered or 2 yr. exp. in a related 
d. Apply to: Digital Designs 
Inc. 1501 Charlotte Ave., Monroe. 
28110, Attn: Mrs. Buckner 
ibuckner @ ddilink.com 


et solutions 


SAP Consultant - Waltham, MA 
Requires ABAP Module with 
experience in Workflow, SAPscript 


ALE, ED! c. Strong commu: 


willingness to travel 100% within 
US. Send resume ATT: HR De 
partment, Plaut Consulting, Inc 
1050 Winter Street, Suite 2300 
Waltham, MA 


PHONE CALLS 


IT Manager: manage projects tc 
ure efficiency and budget 
guidelines are met; supervise 
work of developers, testers, and 
business analysts in their day-to 
Jay activities; monitor and re 
e Payroll System Adminis 
ation requests and issues. 
rface with users to resolve 
system issues; interface with 
corporate departments to ac 
2S business needs and sys 
tem requirements; and research 
S initiatives for the departr 
Minimum requirements: Ma: s 
degree in Business Aciministra 
tion with a concentration in CIS 
or related field, plus 1 yr. previous 
exp. or 1 yr. programmer analyst 
exp. using SQL, MS Access, and 
vB. 


Must have indefinite right to work 
in U.S. Mail resume demonstrating 
minimum requirements to: Auto 
Nation, JOB 604, 110 S.E. 6 
Street, Ft. Lauderdale, FL 33301 





tT) careers.com 


Tobin International, Ltd., a leader 
in designing land management 
software applications for the oil 
and gas industry. Seeks applica- 
tions for the following positions 
which are located in Denver, Col 
orado and/or Houston, Texas 
Please send resumes by mail tc 
Frances Gonzales, Tobin Inter 
national, 1625 Broadway, #500. 
Denver, CO 80202. and please 
specify the job |.D. number of the 
position that you are applying for 

GIS Solutions Architect 
Develop and implement GIS and 
Geospatial software and data 
base solutions and applications. 
Requirements include two years 
f experience designing, devel 
J and implementing GIS 
software and database solutions 
and working knowledge of Oracle 
databases and ARC 

yb 1.0. Number: 101 


pin 


e r Software E veer 
Senior Leve 

Designing developing and sup 
porting integrated object-onented 
software applications that incor 
porate Oracle relational data 
management software 
sirements include 
t, three 
rience, Power 
4 working knowledge 

and deve 


> app 


ngage in full | 
Jevelopment of software appli 
ns that incorporate Oracle 
ai database management 
s. Requirements inciude 
e or equivalen' 
ience in this 
pment 
ba: and 
wledge of designing 


and gas soft 


3 

Administrator 

aintain and ad: 

elational data 

ager systems 

ngage in database and related 

software application design and 
pment. Requirements i 

Jegree 
f Oracle database ad 
n experience, working 


sdge of S administra 


ngage in data 

n from legacy systems 
agement oil and ga 
plications. Require 
Je master’s degree 
expe 
wersion from 
Oracle, working 

wiledge land management 


years of 


ze AS400 RPG 

Site: Camaritic 
degree in Computer 
Science or Computer Engineering 
uired. Send resume to Mr 
\derson at Lundberg Survey 
P.O. Box 6002, Camarillo, CA 


93011-6002 


Kbkids.com, a leader in e com- 
merce, seeks applications for the 
following positions which are 
located in Denver, CO. Please 
send resumes by mail to Francis 
Gonzales, HR Dept., Kbkids.com 
1099 18th St., Ste. 1000, Denver 
CO 80202 and please specify 
the job |.D. number for the position 


you are applying for 


Sr. Software Engineer 

Design and develop, at a senior 

level, web-based and three-tier 

software applications that control 
cle relational database man 


requires a masters degree or 
equivalent in computer science. 
CIS, electronics or a related field 
and four years experience 
designing and developing Oracle 
Jatabase software applications 
and related skills. An applicant 
must also have working know! 
edge in a number of areas in 
cluding Designer 2000, Oracle 
Reports and object oriented 
Jesign and analysis methodolo: 


gies. Job 1.D. SSE 


Sr. Database Administrator 
Develop and administer Oracle 
Jatabases that run on the UNIX 
and Linux platforms. install and 
maintain database documentatior 
and patch applications. Engage 
in capacity planning, systems 
analysis and design, application 
program development and 
proactive performance analysis. 
monitoring and tuning. Perform 
hot backup andby data 
bases and data guard configura: 
tion. Design, « jure and 
administer Oracle Parallel and 
Real Application Cluster Dat 
Servers. Engage in data ¢ 
Vmigration, development of 
and project proposa 
t management. The 
quires a bachelor’s 
reign equivalent in 
Computer Science or related 
field (includ Engineering 
and 4 yr We using the 


technologies gi above. Jot 


IT Mgr/infrastructure Grp. 
Global firm sks mgr w/ multicult! 
int! IT exp to head logistics/netwk 
design grp ($3M budg 18 emps 
8 facs) & coord crit issues (glot 
finan, techn & strat bus plann) 
meet 2X/yr w/Germ Head Off's 
mar directors & coord softw 
issues monthly w/centr purct 
Jept.in Germ 
Specif duties: Util well-dev 
know! of Germ bus cult, manag 
mplem of mjr glob prits in multic 
cou & cult envmts, Microsoft 
Novell, Netware 3, 4 & 5, Ether 
net & Token Ring netwks, Sniffer 
j, anal of netwk protocs 
tracing netwks, protocs inci Net 
BIOS, IPX, routing & IP, LAN 
WAN/MAN TeiC twk plan 
design, budg contr, disast recov 
stdz hdw/s¢ neg 


wiexter 


specific knowi/duties as above 
OR 


xp incidg 2 yrs IT mgr 
same specific duties 


related fieid 
in the Trading 
stems developmentv/analysis 
Jesign. Respond to: Hum: 
Resources Department TJX810P: 
Knight Trading Group, Inc 
Washington Bivd., Jersey City, 


NJ 07310 
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ECAL Solutions Inc. provides 
chemical analysis services and 
specializes in providing computer 
and information technology 
solutions services through its 
highly qualified and committed 
professionals. We are looking for 
the following positions 


Systems Analysts 


Analyze, design, develop, test 
and implement computer appli- 
cations for clinical data manage 
ment using C++, Visual Basic 
UNIX, and Oracle. Create, edit 
and test logical and physical 
database applications using 
SAS Editor and validate data us 
ing Recorder. Direct case report 
form design, generate data 
Cleanup specifications, implement 
database design support, create 
test data, review, conduct query 
and resolution of clinical data 
implement database finalizations. 
and maintain study documenta 
tion. Perform user acceptance 
testing, regression, and functional 
testing. Requires a Bachelor’ s in 
Computer Science or a related 
field and 2 years of experience 
as a Software Tester/Analyst 


Send Resume to: HR, ECAL 
Solutions Inc., 9207 Country 
creek Drive, Suite # 207, Houston 
Texas 77036 or via e-mail at 
hr@ecalsolutions.com 


Cedar Enterprise Solutions, Inc 
a software, consulting and ser 
vices organization has an open 
ing for a Systems Analyst. The 
job duties include: Analyzes user 
requirements, procedures, and 
problems to assess Client's busi 
ness and systems environment 
including project plan develop 
ment, staffing, day-to-day project 
management to include man 
nt of multiple large pr 
problem resolution, and 
ntar v verall client satis 
faction on multiple projects. Di 
rect responsibility for ensuring all 
phases of projects carried out in 
accordance with project plan 
including staffing, management 
of multidisciplinary work teams 
and maintaining right mix of 
skilled/experienced consultants 
on each project. Will oversee 
administrative reporting. The po: 
sition is based out of the Baltimore 
MD office and the position re 
quires constant travel to client 
sites ated throughout the 
United States. M 
Bachelors Degree in Computer 
Science and a minimum of two 
(2) years of experience in the 
UMES ONLY. Send 
»: Cedar Enterprise 
utions, Inc./HR, 100 
Pratt Street, 16th Floor, Balt 


MD 21202 


Software Engineer for 


manufacturer in Peachtree 
GA. Requires a Bachelor's degree 
in Computer Science and tw 
years experience overseeing the 
software development life cycle 
including conferring with business 
analysts to determine user re 
quirement: ondu tware 
requirement analysis, performing 
bject oriented and graphical 
user interface di in and 
mentation, and testing, deploy 
} and maintaining software 
systems. Send resume to Margaret 
Abel 
Highway 
City, GA 3026 


1g BS 
work exp. Re oe 
include 2 yrs. working with ¢ 
Work with 3 of the 
following: ERP, Siebel, Clarify 
Oracle, SQL Server, Clear Basic 
Fwd. resume & ref. to Mahan 
Tech. Corp., Attn: HR 4803 
McCorkle Ave., SE, Charleston 


WV 25304 


MAGNA INFOTECH, a fast 
growing consulting company 
is looking for Programmer. 
Analysts, Software Consultants 
and Software Engineers with 
experience in one or more of 
the following 


ERP:Sap, Baan Implementation 
Tools, Admin 


UNIX: C++, Shell, AIX, HP. 
UX, Solaris Admin, Networking 


AS/400: RPG/400, COBOL 
400, CL, BPCS, JD Edwards 
Syno 


WINDOWS: VC++, VB, PB 
MFC, OLE/COM, Admin 


REAL TIME: Microprocessor 
RTOS Programming 


INTERNET: Java, Javascript 
CGI, Perl, WAP, Admin, Active 
P 


DATABASE: Oracle, Informix 
Sybase, DB2 Admin Developer 
2000, Designer 2000 


Sales Manager / Marketing 
Manager; must have at least 2 
years of Sales experience, BA 
Degree or Foreign Equivalent 
Degree basic come 


skills 


Multiple positions exist at 
various sites across the US 


if you are interested please 
mail your resume clearly 
mentioning the reference 
number Cwo0300 to 
Attention Recruiting Dept., 
Job Ref. CW1000, Magna 
Infotech Ltd. 1 Padanaram 
Rd., Suite 208, Danbury, CT 
06811-4833. 


b Developer 
wanted by Internet s 


TX. Re 


Respond r to: Mr 
Mahesri, P/Q, Xf Solutions 


2425 Wes S., Ste 


Database Admir | 
nwood, IL) 


maintai 


anisms with the 40-bit and 128-bit 
versions of the Secure Sockets 
Layer. Relevant degree(s) also 
required. Qualified applicants 
submit resumes to HR Dept 

Silicomm Corporation, 5335 Far 
Hills Ave., Suite 222, Dayton, OH 


45429 


ProgrammerAnalyst. Design, de- 
velop, implement and maintain 
client server web based applica- 
tions using SQL, Transact SQL. 
MS SQL, SQL Sorter, HTML, QA 
Partner,Silk, Win Runner, Load 
Runner, Test Director, Oracle 
Sybase, MS Access, LotusNotes, 
C, Pro*C, Forms, Unix, Windows. 
Demonstrated ability workinc 
with SQL,Transact SQL, MS 
SQL, SQL Sorter. Demonstrated 
ability working with HTML, QA 
Partner, Silk, Win Runner, Load 
Runner, Test Director, Oracle 
Sybase, MSAccess, Lotus Notes, 
C, Pro*C, Forms. $55,000/yr. 40 
hr/wk. 9:00a.m. - 5:00 p.m. Must 
have Bachelor of Sciencein 
Comp. Sci., Eng., Mgmt Sci., rel 
field/equiv.and 2 years exp.(will 
accept the equivalent of the degree 
in any combination ofeducation 
and/or experience). Send 2 copies 
of resumes: Job Order # 2002 
406, P.O. Box 989, Concord, NH 
03302-0989 


Training Representative/Pro- 
grammer 

Develop & test training programs 
for industrial & commercial 
clients incl. policy & reference 
manuals & other documentation 
pertaining to the clients’s 
equipment, org. processes, prod: 
ucts and/or services. Deliver 
training on VALPA series-VALPA 
Functional Overview Training. B.S 
nm CS or rel. w/abil. to 
use Marcomedia Authorware. 
Dreamweaver, Adobe Photoshop. 
HTML, Basic, C++, Microsoft 
Windows NT4, Novell Professional. 
NT (workstation & server). Must 
have familiarity of training methods 
& resources used for employee 
training, and be fluent in both 
English & Spanish. 40.0 hr/wk 
9-5. Send resume to: Ms. Deborah 
E. Compston, HR Assistant 
Bianco Hopkins & Associates 
Inc., 5835 Peachtree Corners 
East, Ste. A, Norcross, GA 
30092 


Programmer Analyst at our Cedar 
Rapids, lowa location. Develop 
and maintain online appiication 
Programs and back-end batch 
programs; test and document 
computer programs; evaluate user 
requests for new programs; and 
assist users in solving operating 
problems. Must have three years 
experience or three years experi 
Ice as Programmer, and knowl 
edge of Oracle, EIS, PL/SQL 
Pearl, Crystal Reports, and C 
Send resume with cover letter to 
APAC Customer Services, Inc 
Attn: Cindy Corkery, 6 Parkway 
North Center, Deerfield, IL 60015 
EEO/AA 
APAC CUSTOMER SERVICES 
INC.., is not affiliated with APAC 
Inc., the road paving and con 


struction materials company 


TRIDENT SOFTWARE CORP. 


a S/ware C J >o. seeks 


Analyst 


must have 


science & 
s/ware exp 


Send resume to: Trident Software 


Avenue, Oak Park, IL 


Mr. Unmest 


Sr. Programmer A 
ment, maintair 
complex SAP BW 

form data extraction and trans 
formation from SAP R/3 and 
non-SAP sources to SAP BW. 
Build complex queries and reports 
in SAP's BEX reporting tool 
Maintain, automate and enhance 
data loads and extractions for an 
Informix Data Mart in a Unix 
environment. Must have Master's 
Deg in Comp Sci, Physics or Eng 
& 2 yrs in job. Contact: MECA 
Personnel Dept, One Panasonic 
Way, Pana Zip 3C-6, Secaucus 
NJ 07094 


Computerworld + InfoWorld * Network World + October 7, 2002 


COMPUTER PROFESSIONALS 
Computer s/ware co. in Manhattan. 
NY seeks Programmer/Systems 
Analysts/Softwre Engrs/DBA's. 
All positions require Bach degree 
in Comp Sci/Comp Eng/Math or 
ritd field & 1-3 yrs exp. Email 
resume to: recruit @ftisoft.com 


Heading: NYR 


Hardware Engineer (ASIC Design) 
Design, code (Verilog), synthesize, 
test greater than 100k-gate RTL 
modules working on high-speed 
(greater than 150 MHz), high 
complexity (>3M gate) ASICs 
and FPGAs utilizing networking 
protocols-Fiber Channel, IP, etc. 

Micro/RISC-processor designs 
and storage protocois-iSCSI 
SCSI, etc., Orcad, PADS 6.0, Xilinx 
in Linux/Sun. Prevailing wage & 
benefits. Send resume to Susan 
Chitsaz, iVivity, Inc 5555 
Oakbrook Parkway, Ste 280. 
Norcross, GA 30093. 


information Tech Project Manager 
for a Computer Parts Distribution 
Co. located in Miami, FL to analyze 
Business Requirements, Propose. 
Design and Implement Enter 
prise-wide Solutions involving 
related Database, Software 
Programming, Networking and 
Telecommunications compo 
nents. BS in Computer Engi 
neering, foreign equivalent or 
related field is required. 3+ years 
of experience. Fax resume to 


305-639-2371 


Systems Programmers. Multiple 
»penings. Must have Bachelor's 
in Computer Science/related 
field or its equiv., and min. 2yrs 
IT exp. Coordinate, supervise 
installation of computer operating 
system software. Test, maintain 
modify software. Coordinate 
installation of new computer 
hardware. Websphere and BMC 
Patrol Administration. Train other 
ssionals. 40 hrs/wk 
9AM-6PM. Competitive Salary 
Send resume to: Webmaxima 
Inc 3422 Old Capitol Trail 
#1073, Wilmington, DE 19808 
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Paradigm Infotech is looking 
for programmer/system analysts, 
s/w engineers. Candidate must 
have BS with at least one-year IT 
experience. Good skills in C/C++ 
Java, Oracle, WebLogic, VB, HTML 
are plus. Traveling is required 
Apply jobs @ paradigminfotech 
com. EOE 


VPD has openings for Sr. Pro 
grammer/Analysts responsible 
for all programming changes 
made to the VPD e-commerce 
web site, which is PROGRESS 
based. Build PROGRESS based 
reporting data warehouse. Mini- 
mum BS/MS plus epx. Send 
resumes to jobs @ vpdinc.com 


Multiple positions available for 
computer professionals including 
Soft. Eng.’s, P/A’s, Systems 
Analysts, Network Analysts, 
Systems Admin.'s, SW Develop- 
ers, Website Developers. Locations 
vary. Openings now w/leader in 
the field including TEKsystems, 
Onsite, and Allegis Group. Req's 
travel & degree (Bach. MS, or 
equiv.) in relevant field. E.0.E 
Competitive salary & benefits 
Resume to: J. Brigham, Allegis 
Group, HR; 7301 Parkway Drive 
Hanover, MD 21076. ID Job No. 
10-01-2002 


© 
| 

| A= 

| —sxusort 


| PEOPLE WITH THE FOLLOW 
| ING SKILLS NEEDED FOR 
ASSIGNMENTS THROUGH 
} OUT THE USA. ORACLE 
SYBASE, POWERBUILDER 
| AS400, PROGRESS, UNIX 
| SYS ADMIN, NATURAL, SQU 
SERVER, JAVA, INGRES 


SAS, VB, HTML. PLEASE | 


MAIL RESUME TO DIR 
| RECRUITING, Skillsoft Inc 
20283 State Road 7, Suite 300, 
| Boca Raton, FL 33498, U.S.A 
www. skillsoftusa 


Senior Consultants needed 
Several positions available for 
qual candidates poss MS/BS or 
equiv and/or rei work exp. Rel 
exp must include 3 yrs working 
with Rational Rose, Lab View 
5.1, and Distributed Control 
System. Knowledge of Active 
Directory, Site Minder 4.6, ATL 
COM C++ and Vignette pref 
Send res, ref, and salary req to 
Entelligence, 1177 West Loop 
South, Suite 1550, Houston 


Texas 77027. 


Biaely (er 
by more 
hiring 
managers 
than any 
IT space 


IT CAREERS 


Mercury Interactive Corporation } 


is the world’s leading provider of 
solutions that automate testing 
quality assurance and application 
performance management for 
e-business, enterprise resource 
planning, and client/server ap 
plications. 

Mercury and its subsidiary, 
Freshwater Software, currently 
have exciting opportunities avail 
able at our worksites throughout 
the US, including Sunnyvale. 
CA; Boulder, CO; Dallas, TX for 
the following positions (all levels 
‘all types) 


* Software Engineers (& Consul 
tants) 
systems Analysts/ Engineers 
& Consultants) 

« Network Engineers. 

Unix Administrators 

* Database Administrators 

* Technical Support Engineers 

* Product Managers 

«Customer Support Analysts 


Please send resume to Mercury 
Interactive Corporation with cover 
letter to Human Resource Dept 

fax: 408-822-5514 or email your 
resume to jobs @merc-int.com 
For additional information on these 
and other positions, visit our web 
site at mercuryinteractive com 
Mercury Interactive Corporation 
is an equal employment oppor 

tunity employer committed to the 
development of a diverse work 

force. 


MERCURY INTERACTIVE 


Project Manager — San Jose, CA 


Responsible for design, devel 
opment, testing and implemen 
tation of eExtend program. inter 
face with global customers 
coordinate schedules, overall 
project plans, documentation 
and problem escalation to meet 
deadlines. Provide technical con 
sulting and project management 
expertise: consult with team re 
garding project proposal, cost 
benefit analysis, risk plan, com 
munication and project assump 
tions. Bacheior’s degree must be 
in Computer Science, Engineering 
or related fieid. Must have one 
year of experience as Project 
Manager or Senior Software 
Engineer, and one year of exp 
rience with: Project Manage 
ment (including: managing tt 
implementation of content man 
agement systems, developing 
project schedules, and doc 
menting new business processes) 
ERWin, MS Project, PowerPoint 
Use Case Analysis, Software 
Development Life Cycle/Method 
ology, Web Architecture. 40 
hrs/wk, M-F, 8-5, $65,000/yr 
Must have proof of legal authority 
to work in the United States 
Submit resume to the lowa 
Workforce Center, 800 7tt 
Street, SE, P.O. Box 729, Cedar 
Rapids, |A 52406-0729. Please 
refer to Job Order 1A1101608 
Employer paid advertisement 


Computers-Software Engineer 
needed. Centerville, OH come 

is seeking qual. cand. possessing 
BS or equiv. and/or rel. work exp 

Exp. must include 1 yr. working 
with Powerbuilder. Work with 3 of 
the following: Powerbuildt+, Clarity 
VB, Oracle, Sysbase, SQL . Mail 
resume & ref. to: Authorized 
Wireless, inc., Attn: HR, 5828 
Wilmington Pike, Centerville, OH 
45459 or email it to: authorized 


wireless @ msn.com 


Things are heating up in 

Phoenix with the 13th Annual 

aL 7 mela ee 
Career Expo around the corner! With over 200 corporate sponsors 
as well.as, highly esteemed business executives from Fortune 500 


companies, there is something for everyone! 


idee ico iale 


Hispanic professionals to immerse themselves in tt 


ors, Phoenix awaits the best and 


est 


ae eure rue R ee cul ieeem: lk aul eli a 


Software Engineer. Duties: Resp. 
for testing & verifying code for 
Telecom. PCS IT AD testing lab 
using Segue & Rational tools 
Support testing activities for 
key develop. efforts. Develop & 
maintain test guidelines, cases & 
scripts using Segue & Rational 
Tools. Determine test require 
ments. Coord. test scheduling & 
conduct system integration tests. 
Requires: B.S. (or foreign equiv.) 
in Comp. Sci., Eng. or a related 
field & 3 yrs. exp. in the job 
offered or 3 yrs. exp. as a QA 
Analyst, Systems Analyst or 
Prog. Concurrent exp. must incl 
2 yrs. exp. testing & verifying 
ode using Segue & Rational 
ols & 3 yrs. exp. developing & 
maintaining test guidelines 
Send resume (no calls) to 
Danielle David, CTG, Inc 
13220 Metcalf Ave., Ste. 140. 
Overland Park, KS 66213. 


ANALYST 


Computerworld + October 7, 2002 


SOFTWARE ENGINEER to de 
sign, develop, test and maintain 
application software for man 
agement information systems 
using object-oriented program 
ming, Java, C, C++, ProC, Oracle 
Harvest, Rational Rose, TogetnerJ 
StarTeam, PCVS, DB2, Visigenic's 
visibrokers and !ONA's Orbix 
Web under UNIX, SUN Solaris 
and Windows operating systems; 
Mentor and supervise junior 
software engineers and program 
mers. Require: M.S. degree in 
Computer Science, Systems 
Science, or a closely related field 
with one year of experience in 
the job offered or as a Systems 
Engineer. Extensive travel on as: 
signment to various client sites 
within the U.S. is required. Com 
petitive salary offered. Send 
resume to: Roz L. Alford, Principal, 
ASAP Staffing LLC, 3885 
Holcomb Bridge Rd., Norcross. 
GA 30092; Attn: Job MC. 


ANALYST 


Coid Fusion Developer. Develop, 
design, modify, and maintain the 
SQL2000 database-driven appli. 
cations for the foodservice.com 
website. Perform analysis and 
assist in the selection of appropnate 
technology through an under 
Standing of end-user needs and 
limitations. 

Competitive salary. Pnor experience 
must include five (5) years of 
experience utilizing Cold Fusion 
Java, JavaScript, Peri/ CGI 
SQL, ASP, Visual Basic, VBScript 
Visual Interdev, COM/DCOM 
and Object Oriented and distributed 
technology such as MTS and 
MSMO in applications regarding 
Website security, performance. 
and maintenance. Must have 
proof of legal authority to work in 
the U.S. Applicants should send 
fesume demonstrating all minimum 
requirements to: Foodbuy, LLC 
1000 Mansell Exchange West 
Suite 300, Alpharetta, GA 
30022. M/F/D/V. 


Synova Inc is seeking profes 
sionals with following skills 
Programmer/System Analysts 
Engineers in Mainframe, Client 
server, Technical/functional (SAP 
& Peoplesoft), Java, Rational/RUP. 
UML, Websphere, Weblogic, J2EE 
Unix DB2 DBA, Oracle, SQL 
DBAs. Respond to ads@sy 
vaine om 


Multiple openings for system 
analysts, s/w engineers by 
Innovative Consulting. BS/MS 
Jegree with 1-year experience 
equired. Skills of C/C++, VB 
Oracle, Java, Websphere/logic 
HTML, Unix, SQL, DB2 are pius 
(travel maybe required) nitact 
info @icscorpusa.com. EOE 


Call your 
ITcareers Sales 
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1-800-762-2977 
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Top 20 


Bill Murray, a spokesman 
for the NIPC, said the top 20 
list is based on what he called 
the 80-20 model. “It’s the 20 
vulnerabilities that are caus- 
ing about 80% of the serious 
intrusions,” said Murray. “The 
important thing is that now 
we have vendors that will al- 
low people to actually test for 
these vulnerabilities,” he said. 


Top 20 
Vulnerabilities 
WINDOWS SYSTEMS 
1. Internet Information 
Services (IIS) 


2. Microsoft Data Access 
Components: 


Remote Data Services 
3. Microsoft SQL Server 
4. NetBIOS: Unprotected 
Windows networking shares 
5. Anonymous Logon: 
Null sessions 
6. LAN Manager Authentica- 
tion: Weak LM hashing 


7. General Windows Authenti- 
cation: Accounts with no 
passwords or weak passwords 


8. Internet Explorer 
9. Remote Registry Access 
10. Windows scripting host 


UNIX SYSTEMS 


1. Remote Procedure 
Calls 


2. Apache Web Server 

3. Secure Shell 

4. Simple Network 
Management Protocol 

5. File transfer protocol 

6. R-Services: Trust 
Relationships 

7. Line Printer Daemon 

8. Sendmail 

9. BIND/DNS 

10. General Unix Authentica- 
tion: Accounts with no pass- 
words or weak passwords 

= For detailed descriptions: 

www.sans.org/top20/#index 


“In the past, companies have 
been on their own.” 

Each of the top 20 vulnera- 
bilities stems from software 
that shipped with one or more 
programming errors that, if 
left unfixed, allow hackers to 
gain remote access to systems 
(see box). 

Although the previous two 
| versions of the Top 20 list 
were successful in focusing at- 
tention on the most common 
security holes exploited by 
hackers, they failed to get the 
results that The SANS Insti- 
tute and other sponsors had 
hoped for, said Alan Paller, di- 
rector of the institute, in 
Bethesda, Md. The lack of re- 
sults was a byproduct of the 
unavailability of “commercial 
tools and, even more impor- 
tantly, commercial services to 
allow people to focus on 
them,” he said. 

This year’s list comes with 
specific product upgrades 


Continued from page 1 


J2EE 


by corporate IT shop, depend- 
ing on the skill levels of its de- 
velopers and the types of ap- 
plications being created. 

“The people who are build- 
ing J2EE systems today usually 
| don’t express that much con- 
cern about [J2EE complexity],” 
said Mike Gilpin, an analyst at 
Cambridge, Mass.-based Giga 
Information Group Inc. “But 
what you find if you talk to the 
level of management above 
that is that the people they 
have doing J2EE development 
today tend to be high-skilled, 
expensive resources, and 
they'd like to be able to use a 
broader cross-section of de- 
velopers for that platform.” 

How effective the rash of 
new tools will be at easing 
J2EE development remains an 
open question. Sunil Ramakr- 
ishnappa, a Web architect for 
Oakland County in Michigan, 
said J2EE is complex “if you 
| don’t know the concepts clear- 











NEWS 


from Foundstone Inc. in Mis- 
sion Viejo, Calif., and Internet 
Security Systems Inc. in At- 
lanta that target the new top 
20 vulnerability list. In addi- 
tion, Qualys Inc. in Redwood 
Shores, Calif., announced a 
free online scanning service 
that looks for the top 20 vul- 
nerabilities without installing 
new software on an organiza- 
tion’s network. Likewise, free 
open-source scanning prod- 
ucts were made available from 
The Nessus Organization, an 
online security scanner proj- 
ect, and Vienna, Va.-based Ad- 
vanced Research Corp. 

“For the first time, organiza- 
tions that do not have big se- 


| curity staffs can get at the top 


20,” said Paller. “The key is you 
don’t have to have in-house 
expertise on running and tun- 
ing a scanner, and the upfront 
investment is small enough 
that everyone can do it.” 

The affordability of the 


ly,” and tools alone won't elim- 
inate the need for knowledge 
about how the technology 
works. 

“You can have a very good 
car, but if you don’t know how 
to drive, it’s of no use,” he said. 


| Other Constraints 


The reason that some compa- 
nies have steered clear of J2EE 
has nothing to do with its 


| complexity. Amine Chouicha, 


a systems analyst at Chicago 


| Stock Exchange Inc., said his 


firm was an early adopter of 
Java but stayed away from the 


| cs 
| server-based J2EE technology 
| because its rules were too con- 


straining for the exchange’s fi- 
nancial applications. “J2EE has 
its own context. It just doesn’t 
apply to us,” he said. 

Ron Endres, an application 
development manager at Gen- 


| eral Casualty Company of 


Wisconsin in Sun Prairie, said 
his firm hasn’t acquired new 
applications that require J2EE, 


| and its programmers tend to 


favor Microsoft Corp.'s “devel- 


| oper-friendly” tools. 











| scanning tools is a critical 
| component of last week’s an- 


nouncement, said John Gilli- 


| gan, CIO of the U.S. Air Force 


and co-chairman of the Feder- 
al CIO Council’s Security 
Committee. “None of us can 


| afford the cost of a continual 


race against would-be cyber- 


| attackers using the current 


find-and-patch approach to 
deal with latent vulnerabilities 
in commercial software pack- 


| ages,” said Gilligan. “Simply 


the economic cost of this find- 


| and-patch mode of operating 


is enormous.” 

Gilligan also reiterated de- 
mands he and other govern- 
ment officials, such as Richard 
Clarke, chairman of the Presi- 
dent’s Critical Infrastructure 
Protection Board, have made 
in the past that the software 
industry take more proactive 
measures to improve baseline 


| security and reliability of their 
| products. 


“i 
Pros & Cons 
ADVANTAGES ae 
= Runs on any operating system 
(subject to adjustments) 

# Handles high-volume, high- 
transaction applications 

ws Affords users wide range of vet- 
eran enterprise vendor choices for 
tools, application servers 


= Steep learning curve for tools 
= Complex application program- 
ming interfaces 

= Can be costly to build, deploy 
and maintain applications 


Neville Teagarden, CIO at 
Navigant International Inc. in 
Englewood, Colo., said the 


| cost of retraining was the 


main reason Navigant opted 
for Microsoft’s .Net develop- 
ment platform, which shipped 
in February, over J2EE. “Our 
folks are far more Microsoft- 


| oriented,” he said. 


“The complexity doesn’t 
matter because .Net is proba- 
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“It is clear that the quality of 
software design and testing in 
the past does not measure up 


| to the needs of the present 
| and the future,” said Gilligan. 


“I challenge the leaders in the 
software industry, especially 
in the wake of the physical at- 
tacks on this nation, to work 
together to establish new stan- 


| dards of software quality, as 


well as effective methods to 
reduce the impact of current 


| vulnerabilities.” 


As part of the initiative, the 
General Services Administra- 
tion announced its SafeGuard 


| contracting program, under 
| which federal agencies can 


test for the top 20 vulnerabili- 
ties and get technical help in 
removing them. D 


The protective agency makes an effort to 


| sniff out unsecured wireless LANs 
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bly just as complex as J2EE,” 
Teagarden said. 

The complicated nature of 
building distributed compo- 
nent-based applications is dri- 
ving the complexity of .Net 
and J2EE, said Dan Sholler, an 
analyst at Meta Group Inc. in 
Stamford, Conn. He said tool 
vendors are taking a wide 
range of approaches to ad- 
dress the matter and that it 
will be interesting to see how 
successful they will be. 

“In the client/server world, 


there were a lot of these kinds 


of productivity tools built, and 
ultimately, only a few of them 


| had any real longevity in that 


environment,” he noted. 
Sholler said that the current 


crop of J2EE tools is in an ear- 


ly phase of development and 

that he expects to see consoli- 
dation. “But that’s not likely to 
occur for two years,” he said. D 


EASING THE PAIN 


For a summary of recent Java tools 
announcements, visit our Web site 


QuickLink 33406 
www.computerworld.com 
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ractice Questions 


RE BEST PRACTICES worth the trouble? Ask Procter & 
Gamble, which is saving $125 million a year by using a 
set of best practices for IT services management. 
That’s what Morton Cohen, P&G’s manager of global 
service management, said last month at the Interna- 
tional IT Service Management Summit in Boston. Cohen didn’t say 
how big a chunk of P&G’s IT budget that represents, but based on 
previously published numbers, it’s probably between 10% and 15%. 


That’s some impressive advantage — and it 
raises three interesting questions. 

The first is, of course, how did they do it? 
Four years ago P&G started implementing a set 
of best practices called the Information Tech- 
nology Infrastructure Library (ITIL), which 
was Originally developed a decade ago as a set 
of requirements for suppliers of IT services to 
the British government. 

ITIL, which is pretty popular in Europe but 
just starting to get attention in the U.S., is 
spelled out in books, CDs and other training 


materials. As with other best-practices regimes, 


such as Six Sigma and ISO 9000, there are ITIL 
governing bodies and certifications and regular 
updates to what constitutes the best practices. 

There’s no magic to what P&G did. The com- 
pany made the investment in training, got man- 
agement behind the effort and eventually had 
thousands of its IT people working from the 
same playbook. That consistency reduced sur- 
prises and cut the time spent duplicating ef- 
forts, reinventing wheels, putting out unneces- 
sary fires and deciphering nonstandard ap- 
proaches to routine IT-shop tasks. 

All of which adds up to less time wasted, 
more consistent work and greater efficiency 
and effectiveness — which translates into 10% 
or 15% in real dollars-and-cents advantage. 

The second question: Why is this 
big advantage from best practices 
such a surprise? Because P&G is do- 
ing what most of us refuse to be- 
lieve is possible. 

We haven’t taken that dive into 
best practices because, well, how 
could they be that much better than 
what we already do? After all, we 
know our jobs. We’re good at them. 

And we resist and resent the idea of 
some best-practices guru telling us 
we don’t know what we're doing. 

So we've told ourselves that what- 
ever we'd get out of adopting best 


practices — whether in services management 
or software development or help desk opera- 
tions or any other IT area — really wouldn’t be 
worth the trouble. 

We ignored people who successfully imple- 
mented best practices schemes and tried to tell 
us this stuff really works. We ignored them 
when they told us they saved money, that ser- 
vice quality and uptime improved, and that 
everybody inside and outside the IT shop was 
happy with the results. 

We kidded ourselves that it couldn’t be true. 
And when anyone tried to shove best practices 
down our throats, we fought it and made sure it 
cost more than it would ever be worth. 

And we got away with that, because business 
was good, and IT was growing in importance, 
and there weren’t many big IT shops with 
enough experience to cite hard numbers and 
identify real advantages from serious adoption 
of best practices. 

But now business is lousy, with no improve- 
ment in sight. IT has been cut to the bone. And 
to many IT shops, a 10% or 15% advantage from 
best practices — or even a 5% advantage — is 
sounding very attractive. 

That means lots of companies are looking se- 
riously at IT best practices these days. Very se- 
riously. Even if you’re not, you can be pretty 

sure your competitors are. 

Which means it’s no longer a 
question of whether someone in 
your industry sector will go after 
that best-practices advantage. It’s 
just a matter of when. 

And that leads us to the third 
question: 

Will yours be the IT organization 
that grabs a 10% or 15% advantage 
over your competition by adopting 
IT best practices? 

Or will your competition adopt 
best practices first — and get the 
advantage over you? B 
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Rated V for Violence 

This engineer pilot fish tries explaining to his manufac- 
turing-sawyy boss how the cold in his underheated 
office causes hard-disk problems. It's like acar’s 
starter motor, fish says; when it gets too cold, the 
spindle sticks and it can't tum. Next Monday, fish dis- 
covers how boss has tried to “fix” his PC over the. 
weekend: “He hit the thing several times with a 28- 
pound club hammer to try and loosen the spindle!” 


Hose It they'll give you 
it's not hard for they get the 
IT pilot fish to they'll get 
soownythis §— TANK oneyouns 
shop-floor 
printer isn't working - 
it's full of water. “We 
manufacture processed _ 
meats on this line, and 
the USDA requires that 
the entire room be 
scrubbed and hosed 
down from ceiling to. j 
floor several times a tan 
day,” plant worker tells poe 
him. “I guess someone eee 
forgot to wheel the print- | his laptop on IT director 
er cart outside before _ pilot fish's desk and 
taking a fire hose to the : growls, “It doesn’t 
room.” : work!” Sure enough, it 

? boots but won't respond 
Grill It i 


PC-repair pilot fish re- 
ceives a remote user’s 
laptop with a note that 
just reads, “Laptop will 
not boot.” Onthelap- 
odd, slightly blackened : pened? fish asks. “It 
marks in a large spiral. : crashed and lost an 
“Then | realized what it: hour’s worth of changes 
was,” fish groans. “The : to my spreadsheet,” CFO 
pattern matched the ; Snaris. “So f hit it.” 
heating element onan: 

: Smoke It 


| sawed it off until it did.” 


electric stove - and it 
was melted into the bot- : “I turned my computer 
tom of the laptop.” : on and it started smok- 

; : ing,” user tells help desk 
Trim it : pilot fish. OK, says fish, 
After an hour of phone 


troubleshooting, this ; the computer and the 
Sear say EOE SEL ner eaten “Oh, | 
still won't work. Take it 

back to the store, sup- = 

port pilot fish suggests. i 

Not a good idea, user 

ey 
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EXPLORE, EXPERIENCE, DECIDE. | Pa 
Your Future is at COMDEX. 


PTC — Free to all COMDEX attendees 
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Lotus. software 


EASIER TO MANAGE, 


SAVES MO , 
SLAM DUNK FOR THE 


NEW LOTUS NOTES. 


e game. Play 


is Notes, Domino, Tiv 


Introducing Lotus Notes*/Domino™ 6. It's the easiest to manage, most cost-effective 

Notes/Domino ever. It streamlines administration, frees up network resources and ; 

slashes downtime. Storage costs can fall by up to 15%. Notes/Domino 6 has unsurpassed (O business is the game. Play to win.” 
power and control for managing thousands of users. Lotus, part of the software team : 

that includes We ; 2° and Tivoli® Take a test-drive at ibm.com/lotus/win 





